Newly-Found 'FREAK' Online Security Flaw Stems From 1990s

Newly-Found 'FREAK' Online Security Flaw Stems From 1990s

A newly discovered Internet security flaw could leave many websites vulnerable to hackers because of weak US encryption standards in the 1990s, researchers said Tuesday.

The flaw dubbed "FREAK" could leave thousands of websites open to attacks if the problem is not patched, according to papers released by French and US researchers.

The flaw was discovered by a team led by Karthikeyan Bhargavan at INRIA in Paris -- the French Institute for Research in Computer Science and Automation -- and disclosure coordinated by Matthew Green, a cryptographer at Johns Hopkins University.

A research paper said the flaw comes from "a class of deliberately weak export cipher suites... introduced under the pressure of US government agencies to ensure that the NSA would be able to decrypt all foreign encrypted communication."

Green said in a blog post that even some sites maintained by the National Security Agency and FBI appeared to be vulnerable.

"Since the NSA was the organization that demanded export-grade crypto, it's only fitting that they should be the first site affected by this vulnerability," Green said.

Green and other researchers said the flaw stems from US government-imposed standards for encryption in software that was exported -- a short-lived effort to allow the United States to be able to access software exported to unfriendly regimes.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Android, Apple, Internet, Laptops, PC, FREAK
HTC Chairwoman Apologises for Confusion Over Half-Life VR Comment
Facebook Develops Artificial Intelligence Test

Related Stories

Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com