Posts

Security vulnerability

FREAK SSL/TLS vulnerability

A new SSL/TLS vulnerability named “FREAK” was identified by several security researchers. This threat allows an attacker to get between a client and server and view what is intended to be a secure and private communication. The vulnerability is primarily due to a bug in OpenSSL client software, but only exploitable on poorly configured web servers. Both clients and servers are at risk. Web site owners can protect their sites by properly configuring their web servers by removing affected ciphers and restarting their servers.

Read more