Tag: cve20140204

“FREAK” Vulnerability (CVE20150204): Pretty Much All Systems are Exposed

New Security Internet Security Flaw Discovered

The list of flaws in trusted security algorithms has grown again with the recent announcement of the “FREAK” (Factoring Attack on RSA-EXPORT Keys) vulnerability also known as CVE-2015-0204.

First reports confirmed that many OpenSSL implementations contained the flaw and today Microsoft issued Security Advisory 3046015 confirming that all versions of Windows are vulnerable.

Where Did The Freak Vulnerability (CVE2015-0204) Come From?

The details of the vulnerability are alarming and largely due to flawed federal policies on encryption dating back to the 1990s. Around that time products like PGP (Pretty Good Privacy) were starting to see wider distribution and the U.S. officials responded by passing laws to control the export of any product that included high grade encryption. It was a futile effort and the battle was eventually won by crusaders such as Phil Zimmerman.

Some would even say there is a darker side to government efforts on the control and distribution of encryption technology:

Read more