Promet stops 'FREAK' attack from being super freak-ay
Promet Source Neutralizes Critical SSL Vulnerability
Hey peeps, just a quick heads up about the recently identified "FREAK Attack" vulnerability: the good folks at Promet Source are on it!
Promet’s policy is to apply security updates to servers as soon as noticed for clients that we provide monthly support to due to the risk of exploits once the vulnerability has been made public. We applied the necessary server configuration adjustments for Promet's support clients last night. In half an hour or less, mind you. You might even say that we were freaky fast.
So why all the fuss?
Basically, if a user goes to a site that has this vulnerability and they are using either Apple's browser or the Android browser then an attacker who is acting as a man in the middle can intercept their request to the vulnerable server and change the type of encryption from strong to super weak so they can more easily decrypt your traffic. On a powerful enough machine someone could decrypt traffic real time -- eek!
*Update: As of Tuesday, March 3, 2015 some instances of the SSL vulnerability were detected on Google’s Chrome browser. To see if your browser is vulnerable, we recommend visiting this site: https://tools.keycdn.com/freak