Tag Archives: tls

Windows Vulnerable to FREAK

Posted on March 6, 2015 by Carmelo

Microsoft confirms that most production versions of Windows are susceptible to the FREAK vulnerability in schannel (secure channel), where an attacker can force a downgrade in the SSL and then perform a man-in-the-middle attack. I last reported that FREAK only … Continue reading

Posted in Security Blog | Tagged , , , , , , , , , , , | Comments Off on Windows Vulnerable to FREAK

Factoring attack on RSA-EXPORT Keys (FREAK)

Posted on March 4, 2015 by Carmelo

Researchers disclosed a new SSL/TLS vulnerability — the FREAK attack. The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography, which can then be decrypted or altered. The ssl3_get_key_exchange function … Continue reading

Posted in Security Blog | Tagged , , , , , , , , , , | Comments Off on Factoring attack on RSA-EXPORT Keys (FREAK)

POODLE attack through TLS

Posted on December 11, 2014 by Carmelo

POODLE = Padding Oracle On Downgraded Legacy Encryption Once upon a time, in October, I wrote about SSL POODLE, a flaw in how browsers handle encryption; by negotiating down to SSL 3.0, attackers can alter padding data at the end … Continue reading

Posted in Security Blog | Tagged , , , , , , , | Comments Off on POODLE attack through TLS

SSL 3.0 POODLE

Posted on October 14, 2014 by Carmelo

Google security researchers have disclosed a vulnerability in SSL 3.0 that allows attackers to determine the plaintext of secure connections. Attackers can use the flaw to trigger network faults to push browsers back to the 15 year-old platform. POODLE is … Continue reading

Posted in Security Blog | Tagged , , , , , , , , , , , | Comments Off on SSL 3.0 POODLE