Promet stops 'FREAK' attack from being super freak-ay

Promet Source Neutralizes Critical SSL Vulnerability

Hey peeps, just a quick heads up about the recently identified "FREAK Attack" vulnerability: the good folks at Promet Source are on it!

Because the risk of exploits rises once a vulnerability has been made public, Promet’s policy is to apply security updates to servers as soon as we notice them for the clients we provide monthly support to. We applied the necessary server configuration adjustments for Promet's support clients last night. In half an hour or less, mind you. You might even say that we were freaky fast.

So why all the fuss?

Freakazoid Android

Basically, if a user goes to a site that has this vulnerability using either Apple's browser or the Android browser, an attacker acting as a man in the middle can intercept the request to the vulnerable server and change the type of encryption from strong to super weak, which makes the user's traffic much easier to decrypt. On a powerful enough machine, someone could decrypt traffic in real time -- eek!

You can read more about the attack here, and if you have time, we recommend this groovy article from The Washington Post about the FREAK Attack.
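The downgrade described above only succeeds when the server still accepts export-grade RSA cipher suites, so the server-side check is whether its cipher configuration leaves any of them enabled. As an added example (not Promet's code or configuration), this Python sketch evaluates an OpenSSL-style cipher string, such as the value of Apache's `SSLCipherSuite` or nginx's `ssl_ciphers`, and lists the RSA export suites it still allows. The function name, alias table and sample strings are constructed for illustration, and only the aliases in the table are modelled.

```python
import re

# RSA export-grade suites (OpenSSL names) with the cipher-string aliases that
# select them in OpenSSL builds that still ship export ciphers (assumption).
_COMMON = {"ALL", "EXPORT", "EXP", "EXPORT40", "RSA", "kRSA", "aRSA", "SSLv3"}
EXPORT_RSA_SUITES = {
    "EXP-RC4-MD5": _COMMON | {"RC4", "MD5"},
    "EXP-RC2-CBC-MD5": _COMMON | {"RC2", "MD5"},
    "EXP-DES-CBC-SHA": _COMMON | {"DES", "SHA", "SHA1"},
}

def enabled_export_suites(cipher_string):
    """Return the RSA export suites a cipher string leaves enabled, in order."""
    enabled, killed = [], set()
    for item in re.split(r"[:, ]+", cipher_string.strip()):
        if not item or item.startswith("@"):   # @STRENGTH etc. not modelled
            continue
        op = item[0] if item[0] in "!-+" else ""
        spec = item[len(op):]
        if spec == "DEFAULT":
            raise ValueError("DEFAULT is build-dependent; expand it first")
        parts = spec.split("+")                # A+B selects suites with A and B
        hits = [name for name, tags in EXPORT_RSA_SUITES.items()
                if spec == name or tags.issuperset(parts)]
        for name in hits:
            if op == "!":                      # permanent removal
                killed.add(name)
            if op in ("!", "-") and name in enabled:
                enabled.remove(name)
            elif op == "+" and name in enabled:
                enabled.remove(name)           # "+" only moves to the end
                enabled.append(name)
            elif op == "" and name not in killed and name not in enabled:
                enabled.append(name)
    return enabled

# Constructed sample cipher strings (not taken from the original post).
SAMPLES = {
    "legacy": "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP",
    "hardened": "HIGH:!aNULL:!MD5:!EXPORT",
    "re-added": "ALL:-EXP:EXP-RC4-MD5",
    "killed": "ALL:!EXP:EXP-RC4-MD5",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        found = enabled_export_suites(value)
        print(f"{label:9} {'VULNERABLE' if found else 'ok':10} {found}")
```

The `re-added` and `killed` samples show why `!EXPORT` is the safer form: a suite removed with `-` can be switched back on by a later entry, while one removed with `!` cannot.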

Stay up on the latest security news for the Drupal community by following our blog and following us on Twitter!


*Update: As of Tuesday, March 3, 2015, some instances of the SSL vulnerability were detected on Google’s Chrome browser. To see if your browser is vulnerable, we recommend visiting this site: https://tools.keycdn.com/freak