New OpenSSL Vulnerability: FREAK


Protecting our clients' data is one of our top priorities. New vulnerabilities are discovered in various pieces of software on a daily basis, and staying on top of the resulting security updates is incredibly important. That’s why Savvior’s team of IT consulting experts in Pittsburgh diligently monitors the National Vulnerability Database and the Common Vulnerabilities and Exposures (CVE) list, so that we are aware of the latest threats and can update our servers and software as quickly as possible.

FREAK

Recently, our team of IT consulting experts in Pittsburgh learned of FREAK, the Factoring Attack on RSA-EXPORT keys. FREAK allows an attacker to force a connection to downgrade from "strong" RSA public-key cryptography to the weaker "export grade" RSA public-key cryptography. By doing so, the attacker takes advantage of a vulnerability in the SSL/TLS implementation to make both client and server use weaker encryption, and can then intercept and decrypt the data. This vulnerability was specific to the OpenSSL implementation, which is primarily found on Linux, UNIX, and OS X servers. It affects many of our clients, as they rely on SSL certificates and secure web pages (https://) to serve their protected content.

Savvior’s Response

Our team of IT consulting experts in Pittsburgh is pleased to announce that none of our servers were compromised by this vulnerability. Since the announcement we have updated all of our servers to the latest version of OpenSSL. A simple test can be performed from a command line where OpenSSL is accessible:
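The post does not reproduce the command it refers to. The classic check is `openssl s_client -connect host:443 -cipher EXPORT`, but it only works where the local OpenSSL build still ships export ciphers, which current releases do not. The script below is an added example, written for this post rather than taken from Savvior or the OpenSSL project, that performs the same server-side check without that dependency: it sends a raw TLS ClientHello offering only the RSA_EXPORT cipher suites and classifies the server's first record. A server that is correctly patched and configured answers with a handshake_failure alert ("refused"); one that completes the handshake with an export suite ("export") still has the FREAK precondition. The `build_server_hello` helper and the embedded alert bytes are constructed inputs used to exercise the parser offline; only `probe` touches the network.

```python
"""Check whether a TLS server will negotiate an RSA_EXPORT cipher suite.

Hypothetical helper written for this post (not Savvior's or OpenSSL's code).
Defensive use: run it against your own servers after patching/reconfiguring.
"""
import os
import socket
import struct
import sys

# RSA export suites from the TLS cipher suite registry (40-bit bulk keys,
# weak RSA key exchange). These are the suites a FREAK downgrade targets.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

TLS10 = b"\x03\x01"          # record/handshake version bytes for TLS 1.0
RECORD_HANDSHAKE = 0x16
RECORD_ALERT = 0x15


def _handshake_record(msg_type, body, version=TLS10):
    """Wrap a handshake body (type byte + 3-byte length) in one TLS record."""
    hs = bytes([msg_type]) + struct.pack("!I", len(body))[1:] + body
    return bytes([RECORD_HANDSHAKE]) + version + struct.pack("!H", len(hs)) + hs


def build_client_hello(suites, version=TLS10):
    """Build a ClientHello that offers only the given cipher suite IDs."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = version                        # client_version
    body += os.urandom(32)                # random
    body += b"\x00"                       # empty session_id
    body += struct.pack("!H", len(cs)) + cs
    body += b"\x01\x00"                   # compression_methods: null only
    return _handshake_record(0x01, body, version)


def build_server_hello(suite, version=TLS10):
    """Constructed ServerHello used to test the parser offline (not real traffic)."""
    body = version + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    return _handshake_record(0x02, body, version)


def parse_server_response(data):
    """Classify the server's first TLS record.

    Returns (status, suite_id):
      'refused' - alert record (patched server rejects export suites)
      'export'  - ServerHello selecting one of RSA_EXPORT_SUITES
      'other'   - ServerHello selecting a suite we did not offer
      'unknown' - not a recognizable TLS record
    """
    if len(data) < 5:
        return ("unknown", None)
    rec_type = data[0]
    rec_len = struct.unpack("!H", data[3:5])[0]
    payload = data[5:5 + rec_len]
    if rec_type == RECORD_ALERT:
        return ("refused", None)
    if rec_type != RECORD_HANDSHAKE or len(payload) < 4 or payload[0] != 0x02:
        return ("unknown", None)
    # ServerHello layout: type(1) len(3) version(2) random(32) sid_len(1) sid cipher(2)
    p = 4 + 2 + 32
    sid_len = payload[p]
    p += 1 + sid_len
    if len(payload) < p + 2:
        return ("unknown", None)
    suite = struct.unpack("!H", payload[p:p + 2])[0]
    return ("export" if suite in RSA_EXPORT_SUITES else "other", suite)


def probe(host, port=443, timeout=5.0):
    """Send the export-only ClientHello to a live server and classify the reply."""
    hello = build_client_hello(list(RSA_EXPORT_SUITES))
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(hello)
        data = sock.recv(4096)
    return parse_server_response(data)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        status, suite = probe(sys.argv[1])
    else:  # offline demo against a constructed "vulnerable" ServerHello
        status, suite = parse_server_response(build_server_hello(0x0008))
    name = RSA_EXPORT_SUITES.get(suite, hex(suite) if suite is not None else "-")
    print(f"status={status} suite={name}")
```

Run it as `python3 freak_check.py www.example.com` (a placeholder host) against each of your own servers; "refused" is the expected result after the OpenSSL update, and any "export" result means the server configuration still permits the weak suites and must be fixed regardless of library version.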

If you have any Linux or UNIX servers on your networks, please do not hesitate to contact us for assistance in securing your servers.