Apple and Google are preparing patches for a newly-revealed bug in the web encryption protocols used by the two companies' mobile browsers.
The FREAK bug disclosed yesterday is the latest in a series of vulnerabilities affecting the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols used to encrypt traffic between an HTTPS website and a browser.
A man-in-the-middle attacker can force connections between affected browsers and websites to downgrade from 'strong' RSA encryption to a weaker version known as 'export grade' RSA. That weaker version is a by-product of laws from the 1990s that made it illegal to export from the US products with strong cryptography.
Learn more:
- http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=FREAK
The FREAK bug disclosed yesterday is the latest in a series of vulnerabilities affecting the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols used to encrypt traffic between an HTTPS website and a browser.
A man-in-the-middle attacker can force connections between affected browsers and websites to downgrade from 'strong' RSA encryption to a weaker version known as 'export grade' RSA. That weaker version is a by-product of laws from the 1990s that made it illegal to export from the US products with strong cryptography.
Learn more:
- http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=FREAK