FREAK is another serious flaw in the web’s encryption

Experts are warning of a serious security flaw that has apparently gone undetected for years and can weaken encrypted connections between computers and websites, potentially undermining security across the Internet.

The flaw, which has been dubbed FREAK, affects the widely used Secure Sockets Layer protocol and its successor, Transport Layer Security, and can allow an attacker to intercept supposedly encrypted traffic as it moves between clients and servers.

The flaw affects many popular websites, as well as programs including Apple’s Safari browser and Google’s Android mobile OS, security experts say. Applications that use a version of OpenSSL prior to 1.0.1k are also vulnerable to the bug, detailed in this advisory.

To read this article in full or to leave a comment, please click here

Read more: FREAK is another serious flaw in the web’s encryption

Story added 4. March 2015, content source with full text you can find at link above.