We need your help now
Support from readers like you keeps The Journal open.
You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.
If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.
Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
By continuing, you are indicating that you accept our Terms of Service and Privacy Policy.
MILLIONS OF APPLE and Google customers are at risk of having their confidential details stolen by hackers thanks to a newly-discovered “FREAK” vulnerability, the Washington Post reports.
The security flaw affects Android and iOS users who use the default Chrome or Safari browsers. Both companies are now rushing to bring out a fix.
So what is “FREAK”?
It stands for Factoring attacks on RSA-EXPORT Keys. To understand what that it is, you need to know about the history of cryptography.
Back in the 1990s, there was a debate over the use of cryptography to secure websites. Researchers and developers argued it was essential to protect people’s confidential details, while the authorities argued it threw up dangerous barriers to law enforcement.
Ultimately, a limit of 512-bit was placed on the strength of encryption in software that could be exported from America.
Encryption
This meant authorities could, if need be, intercept communications of products that has this encryption strength. These limits were later relaxed and encryption became considerably stronger. But the early restrictions had a nasty effect.
“The weaker encryption got baked into widely used software that proliferated around the world and back into the United States, apparently unnoticed until this year,” The Washington Post explains.
This means that many websites and browsers are still programmed to provide 512-bit keys for security when requested, even though they can be cracked in a matter of hours.
As a result, a hacker could go to an affected website, obtain its weak key, crack it, then be able to impersonate that website and intercept traffic to the site on the same network as them.
It’s what’s often called a “man in the middle” attack. On your home WiFi you’re probably safe, but you could be targeted whenever you log on to a public network, like a a coffee shop, or a hotel, or an airport.
Websites
The list of websites affected is extremely extensive.
Banks like American Express and Santander are vulnerable, along with other major websites like Groupon, hotel chain Marriott, and shopping site J-Crew.
At one point, the websites of the White House, the NSA, and the FBI were all affected, according to the Washington Post, although they’ve since implemented fixes.
According to one site dedicated to tracking FREAK, 9.7% of the Alexa Top 1 Million websites are affected (down from 12.2% as people begin to patch the issue).
What this means in real terms is that when you’re shopping online, or checking your bank statement, or logging onto one of your favourite sites, hackers may be harvesting your sensitive personal information.
There’s no confirmed uses of FREAK to harvest personal data — but the vulnerability has existed for decades, so it’s not unthinkable to suggest it may have been used.
And the reason FREAK exists isn’t because of shoddy coding by a developer — it’s because the government wanted a “backdoor” into encryption products when necessary.
As debate over the use of encryption begins to flare up once again, researchers are already pointing to FREAK as evidence developers shouldn’t weaken their encryption products at the request of law enforcement.
“Encryption backdoors will always turn around and bite you in the ass,” writes Matthew Green. “They are never worth it.”
To embed this post, copy the code below on your site
I’m applying for that. So should every one on jobseekers.
Plus expenses and pension, who do l give my cv to.
Forgot l don’t know the right person that holds the tickets to the gravy train.
Considering you couldn’t figure out where to send your CV I doubt you not knowing the right people would have been the deciding factor in you not getting the job.
Mursh, if you know the right people, you don’t need to send a C.V.
Whos been doing the job for the last 5 months?? & why dont they just keep doing it, and save some money!
Maybe someone who just qualified for the top up pension and doesn’t need the job anymore. Happens in the public sector all the time.
Jobsbridge? Be great to validate this wonderful govnt idea
Handy number!!
Ye..O’Brien did a three day week while living in the UK.
Why do they need 3 Commissioners to run it? It allows for buck passing which is what they did when they fu(ked up the crazy buggung story. Appoint one person to run it and the buck stops with him/her.
A nightmare job if you attempted to do it properly!
Is it bad that that would be a significant paycut for most people I know professionally….
Drew – You can finally come home “from China” ?
Or is that Wicklow that you are really living in ?
Monopoly money dosen`t count drew….
The usual moaners on here moaning. Moaners will moan about anything, they will even moan about having nothing to moan about.
I’ll do it for half
Use precise geolocation data. Actively scan device characteristics for identification. Store and/or access information on a device. Personalised advertising and content, advertising and content measurement, audience research and services development.
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not be able to monitor our performance.
Cookies, device or similar online identifiers (e.g. login-based identifiers, randomly assigned identifiers, network based identifiers) together with other information (e.g. browser type and information, language, screen size, supported technologies etc.) can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here.
Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are (or have been) interacting with (for example, to limit the number of times an ad is presented to you).
Information about your activity on this service (such as forms you submit, content you look at) can be stored and combined with other information about you (for example, information from your previous activity on this service and other websites or apps) or similar users. This is then used to build or improve a profile about you (that might include possible interests and personal aspects). Your profile can be used (also later) to present advertising that appears more relevant based on your possible interests by this and other entities.
Advertising presented to you on this service can be based on your advertising profiles, which can reflect your activity on this service or other websites or apps (like the forms you submit, content you look at), possible interests and personal aspects.
Information about your activity on this service (for instance, forms you submit, non-advertising content you look at) can be stored and combined with other information about you (such as your previous activity on this service or other websites or apps) or similar users. This is then used to build or improve a profile about you (which might for example include possible interests and personal aspects). Your profile can be used (also later) to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests.
Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services (for instance, the forms you submit, content you look at), possible interests and personal aspects. This can for example be used to adapt the order in which content is shown to you, so that it is even easier for you to find (non-advertising) content that matches your interests.
Information regarding which advertising is presented to you and how you interact with it can be used to determine how well an advert has worked for you or other users and whether the goals of the advertising were reached. For instance, whether you saw an ad, whether you clicked on it, whether it led you to buy a product or visit a website, etc. This is very helpful to understand the relevance of advertising campaigns.
Information regarding which content is presented to you and how you interact with it can be used to determine whether the (non-advertising) content e.g. reached its intended audience and matched your interests. For instance, whether you read an article, watch a video, listen to a podcast or look at a product description, how long you spent on this service and the web pages you visit etc. This is very helpful to understand the relevance of (non-advertising) content that is shown to you.
Reports can be generated based on the combination of data sets (like user profiles, statistics, market research, analytics data) regarding your interactions and those of other users with advertising or (non-advertising) content to identify common characteristics (for instance, to determine which target audiences are more receptive to an ad campaign or to certain contents).
Information about your activity on this service, such as your interaction with ads or content, can be very helpful to improve products and services and to build new products and services based on user interactions, the type of audience, etc. This specific purpose does not include the development or improvement of user profiles and identifiers.
Content presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type, or which content you are (or have been) interacting with (for example, to limit the number of times a video or an article is presented to you).
With your acceptance, your precise location (within a radius of less than 500 metres) may be used in support of the purposes explained in this notice.
With your acceptance, certain characteristics specific to your device might be requested and used to distinguish it from other devices (such as the installed fonts or plugins, the resolution of your screen) in support of the purposes explained in this notice.
Your data can be used to monitor for and prevent unusual and possibly fraudulent activity (for example, regarding advertising, ad clicks by bots), and ensure systems and processes work properly and securely. It can also be used to correct any problems you, the publisher or the advertiser may encounter in the delivery of content and ads and in your interaction with them.
Certain information (like an IP address or device capabilities) is used to ensure the technical compatibility of the content or advertising, and to facilitate the transmission of the content or ad to your device.
Information about your activity on this service may be matched and combined with other information relating to you and originating from various sources (for instance your activity on a separate online service, your use of a loyalty card in-store, or your answers to a survey), in support of the purposes explained in this notice.
In support of the purposes explained in this notice, your device might be considered as likely linked to other devices that belong to you or your household (for instance because you are logged in to the same service on both your phone and your computer, or because you may use the same Internet connection on both devices).
Your device might be distinguished from other devices based on information it automatically sends when accessing the Internet (for instance, the IP address of your Internet connection or the type of browser you are using) in support of the purposes exposed in this notice.
The choices you make regarding the purposes and entities listed in this notice are saved and made available to those entities in the form of digital signals (such as a string of characters). This is necessary in order to enable both this service and those entities to respect such choices.
have your say