Update: Serious FREAK flaw could undermine the Web's encryption

Discussion in 'Security' started by curdude, Mar 4, 2015.

  1. curdude

    curdude Member

  2. KH-DanielP

    KH-DanielP KH-COO Staff Member

    This isn't really an exploit much as it is using a feature built into the system.

    The biggest thing to realize with the majority of these, is that the attacks are all done by intercepting the traffic somewhere along the physical network. Thus "man in the middle" attacks. Obviously you can't tell if the wireless network your connected to would be secure, etc but this does require a bit more labor to first intercept your traffic and then decrypt it.

    It's easy enough to fully disable if your worried about someone intercepting your encrypted traffic and then breaking the encryption on it. Simply add -EXP to the SSLCiperSuite configuration line under "Apache Configuration" in WHM. Alternatively you can toss in a support ticket and we can make this change for you.

    I don't really see this as a flaw that will undermine the web's encryption by any means. Is it a flaw, yes. Can it be used for nefarious things, also yes, but it's not the easiest thing to exploit either.
     

Share This Page