[Cryptography] FREAK attack

Dave Horsfall dave at horsfall.org
Wed Mar 4 16:23:05 EST 2015

I took the liberty of forwarding this to a geek list, and a bod who runs 
security at a University department responded thus:

Dave Horsfall DTM (VK2KFU)  "Bliss is a MacBook with a FreeBSD server."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)

---------- Forwarded message ----------

Sounds some what theoretical. Given the existence of certificates that 
allow corporate proxy servers to 'inspect' SSL traffic, the moment you are 
in a position to mount a MITM you don't need to mess with tricking the two 
ends to reduce their security level - as you have access to the clear text 
in the middle.

Just so a search for 'ssl inspection'. Many companies provide such 
appliances to 'protect' your corporate network.

We had issues with ssh and one of our corporate partners - the company IT 
security people were dead against ssh being used as they couldn't 
'inspect' it. In the end we got a compromise were the people we were 
collaborating with could use ssh to talk to our servers in the [dept] - 
but NOTHING ELSE and only from their normal office/lab. If they went on 
site, no ssh back to us.

More information about the cryptography mailing list