24 Hours After FREAK, 766 Cloud Providers were Still Vulnerable

24 Hours After FREAK, 766 Cloud Providers were Still Vulnerable
CLOUD SECURITY ALLIANCE | MARCH 6, 2015

The Average Company Uses 122 FREAK-vulnerable services 

Article by Sekhar Sarukkai, Co-founder and VP of Engineering, Skyhigh Networks

"[Last] week a group of researchers at INRA, Microsoft Reseach, and IMDEA discovered a widespread vulnerability in OpenSSL that has rendered millions of Apple and Android devices vulnerable to man-in-the-middle attacks when they visited supposedly secure websites and cloud services. You can read the detailed description of the vulnerability from the discovering researchers here.

The researchers have dubbed this the “FREAK” vulnerability (CVE-2015-0204) or Factoring Attack on RSA-EXPORT Keys, and it enables attackers to force clients to use older, weaker encryption , known as the “export-grade” key or 512-bit RSA keys."

This is a serious problem folks!

---

https://blog.cloudsecurityalliance.org/2015/03/06/24-hours-after-freak-766-cloud-providers-still-vulnerable/?utm_medium=referral&utm_source=shatterdoc.com