Re: FREAK Security Alert

From: S Moonesamy <sm+mu_at_elandsys.com>
Date: Mon, 09 Mar 2015 08:44:35 -0700

Hi Ish,
At 06:43 09-03-2015, Ish Sookun wrote:
>The main highlight of this vulnerability is the use of weak ciphers.

Yes.

>I'm planning to write a blog post with a possible attack scenario;
>if somebody would like to contribute with ideas or a mini interview,
>that would be awesome.

The attack would be to intercept the encrypted connection (HTTPS),
trigger the bug, and factor the 512-bit RSA modulus. You can then
inject data into that encrypted connection without the user detecting
that it has been done. The user will believe that when he or she is
seeing comes from the (HTTPS) web site.

Regards,
S. Moonesamy
Received on Mon Mar 09 2015 - 15:45:07 PST

This archive was generated by hypermail 2.3.0 : Mon Mar 09 2015 - 15:54:01 PST