Promet Stops 'FREAK' Attack
Update: As of Tuesday, March 3, 2015 some instances of the SSL vulnerability were detected on Google’s Chrome browser. To see if your browser is vulnerable, we recommend visiting this site.
Just a quick heads up about the recently identified "FREAK Attack" vulnerability: the support team Promet Source are on it!
Attackers Can Change Encryption Type
Basically, if a user goes to a site that has this vulnerability and they are using either Apple's browser or the Android browser then an attacker who is acting as a man in the middle can intercept their request to the vulnerable server and change the type of encryption from strong to super weak so they can more easily decrypt your traffic.
On a powerful enough machine someone could decrypt traffic real time—eek!
And of course, a major issue is that hackers can steal your personal information and your passwords, making you vulnerable to theft and other problems.
You can read more about the attack here. And if you have time, we recommend this incredibly informative article from The Washington Post about the FREAK Attack.
For clients of Promet Source however, we can confidently say they have nothing to worry about.
Promet Source Neutralizes Critical SSL Vulnerability
Promet’s policy is to apply security updates to servers as soon as noticed for clients that we provide monthly support to due to the risk of exploits once the vulnerability has been made public.
We applied the necessary server configuration adjustments for Promet's support clients last night. In half an hour or less, mind you. The work was incredibly fast.
Stay up on the latest security news for the Drupal community by following our blog and follow us on Twitter!
Want to get news fast?