OK, now that you will have that song in your head all day (you’re welcome), I think I have your attention! Unfortunately, we need to move on to more serious matters. There is a lot of panic today surrounding a security bug labeled FREAK. As is the case with any big news item, you can find various reports and technical details by simply typing FREAK into your favorite search engine. I’ve pulled together some highlights and helpful resources for this latest vulnerability here.
Reports started popping up on Tuesday identifying a flaw in the negotiation mechanism used to determine the security of your connections. Today, stronger encryption protocols are the standard, but weaker versions are still around due to an abandoned government policy. Essentially, this flaw enables an attacker to force your connection to accept a less secure cipher suite via a man-in-the-middle (MITM) attack. I think it goes without saying that this is bad.
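As an added example (not code from the original post), the Python below audits one recorded negotiation for the downgrade described above: it flags a server-selected cipher suite the client never offered, and any export-grade RSA suite, the weakened class left over from that policy. The suite IDs are the IANA-registered values; the function names and sample handshake bytes are constructed for illustration.

```python
# Added example: audit one recorded TLS negotiation for a cipher suite downgrade.
# Suite IDs are IANA registry values; the sample handshake bytes are constructed.

EXPORT_RSA_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

# Constructed cipher_suites vectors as they appear in a ClientHello:
# a 2-byte length followed by 2-byte suite IDs.
MODERN_OFFER = bytes.fromhex("0006" "c02f" "009c" "002f")  # no export suites
LEGACY_OFFER = bytes.fromhex("0004" "002f" "0003")         # still offers one


def parse_suites(raw):
    """Decode a cipher_suites vector into a list of integer suite IDs."""
    if len(raw) < 2:
        raise ValueError("truncated cipher_suites vector")
    length = int.from_bytes(raw[:2], "big")
    body = raw[2:2 + length]
    if length % 2 or len(body) != length:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(body[i:i + 2], "big") for i in range(0, length, 2)]


def audit_negotiation(offered_raw, selected):
    """Return a list of findings for one handshake (empty means clean)."""
    offered = parse_suites(offered_raw)
    findings = []
    weak = [EXPORT_RSA_SUITES[s] for s in offered if s in EXPORT_RSA_SUITES]
    if weak:
        findings.append("client offers export-grade suites: " + ", ".join(weak))
    if selected not in offered:
        # A server may only pick from the client's list; anything else means
        # the offer was altered in transit or the peer is misbehaving.
        findings.append("selected 0x%04x was never offered" % selected)
    if selected in EXPORT_RSA_SUITES:
        findings.append("negotiated export-grade " + EXPORT_RSA_SUITES[selected])
    return findings


if __name__ == "__main__":
    for offer, chosen in [(MODERN_OFFER, 0xC02F), (MODERN_OFFER, 0x0003),
                          (LEGACY_OFFER, 0x0003)]:
        print("0x%04x ->" % chosen, audit_negotiation(offer, chosen) or "clean")
```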