[Cryptography] FREAK attack
Dave Horsfall
dave at horsfall.org
Wed Mar 4 16:23:05 EST 2015
I took the liberty of forwarding this to a geek list, and a bod who runs
security at a University department responded thus:
--
Dave Horsfall DTM (VK2KFU) "Bliss is a MacBook with a FreeBSD server."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
---------- Forwarded message ----------
Sounds some what theoretical. Given the existence of certificates that
allow corporate proxy servers to 'inspect' SSL traffic, the moment you are
in a position to mount a MITM you don't need to mess with tricking the two
ends to reduce their security level - as you have access to the clear text
in the middle.
Just so a search for 'ssl inspection'. Many companies provide such
appliances to 'protect' your corporate network.
We had issues with ssh and one of our corporate partners - the company IT
security people were dead against ssh being used as they couldn't
'inspect' it. In the end we got a compromise were the people we were
collaborating with could use ssh to talk to our servers in the [dept] -
but NOTHING ELSE and only from their normal office/lab. If they went on
site, no ssh back to us.
More information about the cryptography
mailing list