Another day, another high impact security vulnerability...
Yesterday news broke of another security vulnerability affecting SSL, the system that provides encryption between websites and browsers. This time the vulnerability is due to restrictions on encryption technology in the 1990s, that haven't been removed from modern products.
FREAK: Factoring RSA Export Keys
The FREAK attack works by forcing both a website and browser to use much less sophisticated encryption than normal, which increases the chances of the encryption being broken and private data, such as usernames and passwords, being intercepted. It is quite a serious vulnerability, but thankfully takes some effort to exploit. That said it never hurts to be cautious, and so we advise that you check whether your browser is vulnerable (you can do this on the freakattack.com website, which also contains links to more information on the problem). At this time we'd caution using affected systems, including Macs, iPhones, iPads and Android devices on untrusted wireless networks.
Companies whose products are affected, including Apple and Google, are aware of the issue and have advised that they will be releasing updates to fix the problems in the next couple of days. We'd advise installing these updates at the earliest opportunity to ensure you're protected - make sure you have an up-to-date backup before you do so!
If you would like further information on this issue, or just want any concerns you may have, please don't hesitate to get in touch.