FREAK – SSL vulnerability

If you’re involved in, or have an interest in, IT, it’s likely that you have recently heard news about a security vulnerability that has been discovered in the SSL protocol.

This vulnerability has been given the name ‘FREAK’.

What is SSL?

SSL is the protocol that is used to communicate with secure web servers. Many software programs also make frequent use of SSL.

Who is at risk?

Those most likely to be at risk from FREAK are organisations with web servers that may not be properly configured, and those that have a vulnerable web browser. Both ends, the server and the browser, must be vulnerable.

What is the risk?

The potential risk of this vulnerability is that someone with the necessary know-how could intercept encrypted traffic and force it to use weaker encryption that they are then able to decipher.

What is the level of risk?

Our technical experts at Flair 4 IT are currently treating the risk as low because:

  • There are no known exploits currently available
  • The method of attack is complex, and it requires the use of specific browsers and servers

What is being done?

Microsoft are currently working on a fix for all versions of Windows and Windows servers. We believe this should be available in the near future. Other browsers including Chrome and Firefox on Windows have already been patched.

What can you do in the short term? 

Whilst Flair 4 IT do not believe this is something to be excessively concerned over for most organisations in the short term, we do recommend that, if you are worried, you simply use Firefox or Chrome as your web browser.