Sunday, 15 March 2015

BlackBerry Devices Vulnerable FREAK Leak

BlackBerry users has warned that a large number of devices vulnerable by FREAK flaw in SSL / TLS is that early March was unveiled. Through the vulnerability, an attacker who is between a target and the Internet is in some cases the encryption of the encrypted connection to downgrade to a weak encryption to crack then that and to see the encrypted traffic.

According BlackBerry are different versions of the operating system, the BlackBerry Enterprise Server (BES), BlackBerry Messenger (BBM) and other software vulnerable. The manufacturer says that the investigation into the leak is still running, but there's already decided to publish the vulnerable systems and software. An update is not yet available, but BlackBerry says that an attacker would first have to place between the user and the Internet to carry out an attack.

Default settings, common configurations, and general "best practices" would also help to prevent a successful attack.Furthermore, the problem would be solved if users send data that already are encrypted before they are sent over SSL. For example, in the case of S / MIME or PGP. When the BlackBerry FREAK leak will patch is unknown. This week came Apple and Microsoft already with updates.

No comments:

Post a Comment