Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
MILLIONS OF APPLE and Google customers are at risk of having their confidential details stolen by hackers thanks to a newly-discovered “FREAK” vulnerability, the Washington Post reports.
The security flaw affects Android and iOS users who use the default Chrome or Safari browsers. Both companies are now rushing to bring out a fix.
So what is “FREAK”?
It stands for Factoring attacks on RSA-EXPORT Keys. To understand what that it is, you need to know about the history of cryptography.
Back in the 1990s, there was a debate over the use of cryptography to secure websites. Researchers and developers argued it was essential to protect people’s confidential details, while the authorities argued it threw up dangerous barriers to law enforcement.
Ultimately, a limit of 512-bit was placed on the strength of encryption in software that could be exported from America.
Encryption
This meant authorities could, if need be, intercept communications of products that has this encryption strength. These limits were later relaxed and encryption became considerably stronger. But the early restrictions had a nasty effect.
“The weaker encryption got baked into widely used software that proliferated around the world and back into the United States, apparently unnoticed until this year,” The Washington Post explains.
This means that many websites and browsers are still programmed to provide 512-bit keys for security when requested, even though they can be cracked in a matter of hours.
As a result, a hacker could go to an affected website, obtain its weak key, crack it, then be able to impersonate that website and intercept traffic to the site on the same network as them.
It’s what’s often called a “man in the middle” attack. On your home WiFi you’re probably safe, but you could be targeted whenever you log on to a public network, like a a coffee shop, or a hotel, or an airport.
Websites
The list of websites affected is extremely extensive.
Banks like American Express and Santander are vulnerable, along with other major websites like Groupon, hotel chain Marriott, and shopping site J-Crew.
At one point, the websites of the White House, the NSA, and the FBI were all affected, according to the Washington Post, although they’ve since implemented fixes.
According to one site dedicated to tracking FREAK, 9.7% of the Alexa Top 1 Million websites are affected (down from 12.2% as people begin to patch the issue).
What this means in real terms is that when you’re shopping online, or checking your bank statement, or logging onto one of your favourite sites, hackers may be harvesting your sensitive personal information.
There’s no confirmed uses of FREAK to harvest personal data — but the vulnerability has existed for decades, so it’s not unthinkable to suggest it may have been used.
And the reason FREAK exists isn’t because of shoddy coding by a developer — it’s because the government wanted a “backdoor” into encryption products when necessary.
As debate over the use of encryption begins to flare up once again, researchers are already pointing to FREAK as evidence developers shouldn’t weaken their encryption products at the request of law enforcement.
“Encryption backdoors will always turn around and bite you in the ass,” writes Matthew Green. “They are never worth it.”
To embed this post, copy the code below on your site
Serious injuries because the state refuses to legalize fireworks but prefers thousands of them to be let off illegally. Same with drugs. Leave it to the underworld to police that too. Dumb and dumber.
@Red Pirate 71: serious injuries because someone brought illegal explosives into the country which were used illegally by untrained individuals. Personal responsibility goes a long way, it’s not the states fault all the time!
@Red Pirate 71: how would legalising fireworks prevent accidents like this?
Next you’ll be blaming the government for the weather.
@Red Pirate 71: How can you blame the government for teenagers being idiots?
@Chin Feeyin: Because the fireworks they could buy then would be regulated and have proper safety standards attached to them. I guarantee what caused this was some shitty black cat banger from the black market.
@Luap: most fireworks are bought in the north
@Red Pirate 71: so you’re blaming the state for the stupid actions of two fellows who are old enough to know better?
@Red Pirate 71:
Personal responsibility.
@Chin Feeyin: Everyone knows the government is to blame for the weather !
@Richie Kennedy: because he is from that part of society himself.
@Luap: that’s pure speculation. Fireworks are dangerous in any kids’ hands. Also dangerous in the hands of untrained adults.
@Red Pirate 71: ‘cos no one in countries where fireworks are legal has ever been injured?
@Red Pirate 71: and dumbest
@Luap: You guarantee it do you?
@Red Pirate 71: this is by far the most idiotic comment ive ever seen… What a dope!!!
@Red Pirate 71: it’s legal in the uk and they never have firework accidents!
@Paul: It is very much the states responsibility to police this, they after all, are the ones who put the legislation in place. Wouldn’t be surprised if you are one of those people who buy fireworks on the black market for Halloween night.
@Paul: If the state prohibits something they create a black market. Black market dealers will sell to children! Were fireworks legal and sold in shops, you would be able to have laws to restrict children from buying them.
Zero sympathy unless they were subjected of an actual accident, on the other hand if they did this to themselves whilst mucking around illegally with illegal fireworks… well, Darwin always wins.
@ros aodha: they are only kids you muppet. Be careful what you write . Family members could be reading this. Fool
Cabra fireworks intimidation of innocent people gangs on bikes lawless living off the state I’m entitled give me everything now and I will promise to be vermin leeching off the state right to the end !
Apparently one lad lost a couple of fingers, the other an eye.
@Liam Ó hAodha: ah well.
So?
Anyone see the video going around with the AC Milan fan(I think) losing a hand thanks to a firework,, gruesome to say the least… :(
@Devilsavocado: ya looks cool
They were setting off fireworks ‘on the southside’ as well yesterday – could only hear them, but one sounded like a lovely sparkely one – only it was in the middle of the afternoon in bright sunshine … what a waste
Well if you play with fire……
Been gangs of these youths setting them off around pearse street since mid august, aiming them at people passing by. Gards dont seem to be doing anything to stop it
I was getting off the Luas at Broadstone yesterday evening when a group of teenagers let off proper fireworks beside the track. They exploded at ground level. I was thinking they could’ve seriously injured someone. One girl walking beside them got such a fright. Wonder if it was the same group they were on the green Luas line to Cabra
The Dumb F**kers were messing with Explosives, shit happens when your that thick.
@Jesse James: Maybe learn how to spell ‘you’re’ before calling people dumb. And get some empathy while you’re at it too.
@Marie McG: play stupid games win stupid prizes
Nobody is doing 5 years for lighting fireworks. What nonsense! You wouldn’t even get 5 years for murder in this country.
It’s a little early for fireworks.
Kids will be kids. Some have to learn the hard way.
Two more candidates for the Darwin Awards :-)
Kids will be kids.
Some have to learn the hard way.
have your say