By Tim Maytom
Security researchers are warning that a flaw left over from the 1990s in OpenSSL and Apple’s SecureTransport is putting users at risk, enabling attackers to decrypt login cookies and other sensitive information.
The ‘Freak’ bug (which stands for ‘Factoring Attack on RSA-EXPORT Keys’) affects older Android browsers and Safari for all versions of iOS and OS, endangering any information transmitted over the internet, including credit card details, passwords, private messages and medical information.
Around 10 per cent of websites are also affected, placing visitors at risk regardless of the browser used to access the site. However, the good news is that attacks that exploit the flaw are impractical to carry out on a wide scale, so most consumers are unlikely to be targeted.
The vulnerability was reported by website Freak Attack, which also enables people to test their browser for the flaw, and lists the websites currently vulnerable, which include americanexpress.com, tinyurl.com, topshop.com and, rather amusingly, nsa.gov.
The flaw is a carry-over from the earliest days of internet architecture, when the US government had laws in place that forbade developers from selling software with strong encryption tools to foreign users, out of fear that it would make foreign systems harder to surveil.
The laws …
Source: Mobile App News