What???!!! Fineco Bank Makes Customers Pay to Change Their Passwords & Suggests They Google Their Password to Check if It is Secure... 😶🙄
#infosec #security #banking
FREAK ("Factoring RSA Export Keys") is a security exploit of a cryptographic weakness in the SSL/TLS protocols introduced decades earlier for compliance with U.S. cryptography export regulations.
These involved limiting exportable software to use only public key pairs with RSA moduli of 512 bits or less (so-called RSA_EXPORT keys), with the intention of allowing them to be broken easily by the National Security Agency (NSA), but not by other organizations with lesser computing resources.
However, by the early 2010s, increases in computing power meant that they could be broken by anyone with access to relatively modest computing resources using the well-known Number Field Sieve algorithm, using as little as $100 of cloud computing services. Combined with the ability of a man-in-the-middle attack to manipulate the initial cipher suite negotiation between the endpoints in the connection and the fact that the Finished hash only depended on the master secret, this meant that a man-in-the-middle attack with only a modest amount of computation could break the security of any website that allowed the use of 512-bit export-grade keys.
While the exploit was only discovered in 2015, its underlying vulnerabilities had been present for many years, dating back to the 1990s.
The good news is that we are in 2019 now: the vulnerability has been patched by removing support for the "exportRSA" cipher suite, and all modern browsers have patches against it.
So why do we care now?
Well, if it happened once, it could re-emerge in the future as we progress towards quantum computers.
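An added example, not part of the original post: a Python check that parses a captured ClientHello or ServerHello and reports any RSA_EXPORT cipher suites, so a defender can see whether export-grade key exchange is still being offered or selected. It assumes one unfragmented handshake record; the helper names and the sample records are constructed for illustration.

```python
import struct

# IANA code points of the RSA_EXPORT cipher suites (512-bit RSA key exchange).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def export_suites_in_hello(record: bytes):
    """Return (message kind, export suite names) for one TLS hello record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 22 or len(body) != rlen or rlen < 4:
        raise ValueError("not a complete TLS handshake record")
    hs_type, hs_len = body[0], int.from_bytes(body[1:4], "big")
    msg = body[4:4 + hs_len]
    if len(msg) != hs_len or hs_len < 35:
        raise ValueError("truncated hello message")
    pos = 2 + 32                       # skip legacy version and random
    pos += 1 + msg[pos]                # skip session_id
    if hs_type == 1:                   # ClientHello: list of offered suites
        kind = "ClientHello"
        n = int.from_bytes(msg[pos:pos + 2], "big")
        raw = msg[pos + 2:pos + 2 + n]
    elif hs_type == 2:                 # ServerHello: the one selected suite
        kind, raw = "ServerHello", msg[pos:pos + 2]
    else:
        raise ValueError("not a ClientHello or ServerHello")
    ids = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw) - 1, 2)]
    return kind, [RSA_EXPORT_SUITES[i] for i in ids if i in RSA_EXPORT_SUITES]

def _sample_hello(hs_type: int, suites_field: bytes) -> bytes:
    """Build a minimal, constructed hello record (zero random, no extensions)."""
    tail = b"\x01\x00" if hs_type == 1 else b"\x00"   # compression field
    msg = b"\x03\x03" + bytes(32) + b"\x00" + suites_field + tail
    hs = bytes([hs_type]) + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs

# Constructed samples: 0x002F is TLS_RSA_WITH_AES_128_CBC_SHA (not export-grade).
CLIENT_HELLO = _sample_hello(1, b"\x00\x04\x00\x2f\x00\x03")
SERVER_HELLO_EXPORT = _sample_hello(2, b"\x00\x08")
SERVER_HELLO_OK = _sample_hello(2, b"\x00\x2f")

if __name__ == "__main__":
    for rec in (CLIENT_HELLO, SERVER_HELLO_EXPORT, SERVER_HELLO_OK):
        print(export_suites_in_hello(rec))
```

A ServerHello that reports an export suite means the server still accepts 512-bit RSA key exchange and should have those suites disabled.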