As Google, Apple and Microsoft scramble to patch a long-missed security flaw, it might be timely to remember how we got here. Way back at the latter end of the last century, in the 1990s, when the Netscape browser was all the rage and SSL (Secure Sockets Layer) encryption was brand-spanking-new, the U.S. government wanted control over the export of “weapons grade” encryption.
Its theory was that domestic communications could benefit from stronger, 128-bit encryption, but ‘backdoors’ should be available to U.S. intelligence and law enforcement when it came to foreign communications. And so the concept of weaker, “export grade” encryption was born.
Turns out that this theory and its legacy backdoor, a vulnerability that we’ve come to know in recent days as ‘FREAK’, still exist in up to 30 percent of U.S. web servers. It’s a sad example of how zombie-security from the era that gave us grunge can come back and bite us on the posterior.
Meanwhile, Apple and Google are saying they’ve developed fixes/patches to mitigate the ‘FREAK’ security flaw, though we note Apple has yet to deploy. Microsoft, initially thought to be immune, released an advisory which warned that hundreds of millions of Windows PC users are also vulnerable to the flaw.