This article is about how Apple and Google's devices have made millions of their users vulnerable whilst surfing the internet, to a newly discovered security flaw known as the FREAK attack. It discusses how many different sites became vulnerable due to this flaw and that Apple and Google have been working to resolve the issue.
- About a third of all encrypted websites were vulnerable as of Tuesday, including sites operated by American Express, Groupon, Kohl’s, Marriott and some government agencies, the researchers said.
- University of Michigan computer scientist Zakir Durumeric said the vulnerability affects Apple web browsers and the browser built into Google’s Android software, but not Google’s Chrome browser or current browsers from Microsoft or Firefox-maker Mozilla.
- Apple Inc. and Google Inc. both said Tuesday they have created software updates to fix the “FREAK attack” flaw, which derives its name from an acronym of ‘Factoring attack on RSA-EXPORT Keys’.
- But some experts said the problem shows the danger of government policies that require any weakening of encryption code, even to help fight crime or threats to national security. They warned those policies could inadvertently provide access to hackers.
- “This was a policy decision made 20 years ago and it’s now coming back to bite us,” said Edward Felten, a professor of computer science and public affairs at Princeton, referring to the old restrictions on exporting encryption code.
No comments:
Post a Comment