Goddamnit.
Real link to credible doc describing flaw.
Freak SSL flaw
Microsoft is warning that all Windows operating systems are at risk from the vulnerability known as Freak, for "Factoring RSA-EXPORT Keys." The flaw exists in SSL, which is used to secure online communications, and could be abused by an attacker to force crypto suites to downgrade from using a "strong" RSA cipher to a weaker, "export-grade" RSA cipher.
A dollar says this was on purpose.
"Be bold, and mighty forces will come to your aid."
GORDON wrote:Microsoft is warning that all Windows operating systems are at risk from the vulnerability known as Freak, for "Factoring RSA-EXPORT Keys." The flaw exists in SSL, which is used to secure online communications, and could be abused by an attacker to force crypto suites to downgrade from using a "strong" RSA cipher to a weaker, "export-grade" RSA cipher.
A dollar says this was on purpose.
FREAK ("Factoring RSA Export Keys") is a security exploit of a cryptographic weakness in the SSL/TLS protocols introduced decades earlier for compliance with U.S. export regulations
...
While the exploit was only discovered in 2015, its underlying vulnerabilities had been present for many years, dating back to the 1990s.
Yep. Heard about those regs years ago when I was still an undergrad. Fortunately SSL is open source, so someone will fix it very soon.
Edited By Malcolm on 1425682952
Diogenes of Sinope: "It is not that I am mad, it is only that my head is different from yours."
Arnold Judas Rimmer, BSC, SSC: "Better dead than smeg."
Arnold Judas Rimmer, BSC, SSC: "Better dead than smeg."