TLS/SSL implementation in Windows vulnerable to the FREAK attack

Microsoft has released a security advisory saying that the implementation of TLS/SSL in all supported versions of Windows is vulnerable to the FREAK attack.

FREAK - a high impact vulnerability in TLS/SSL

An international research team has devised an attack called FREAK (Factoring attack on RSA Export Keys) that makes it possible to lower the level of encryption used in SSL connections. The attack is based on forcing the server and client to use legacy, weak cryptographic suites (the vulnerability has been present for a long time) which are still supported by some mainstream browsers (Safari and the OpenSSL-based Android browser, among others) and servers.

ENISA has published Security Framework for Governmental Clouds

At the end of February, ENISA released a 40-page publication, Security Framework for Governmental Clouds, describing steps for the secure adoption of cloud at the governmental level.

Looking back at February 2015...

February was fairly rich in information security events

Dramatic information security incidents and news were unfortunately fairly common in February. We will briefly recall three of the most interesting ones.