Technology
FREAK Show: Apple and Android SSL WIDE OPEN to Snoopers
(The Register) – Security researchers are warning of a flaw in OpenSSL and Apple’s SecureTransport – a hangover from the days when the US government was twitchy about the spread of cryptography.
It’s a flaw that allows an attacker to decrypt your login cookies, and other sensitive information, from your HTTPS connections if you use a vulnerable browser such as Safari.
Apple’s SecureTransport is a library used by applications on iOS and OS X, including Safari for iPhones, iPads and Macs. OpenSSL is open source, and used by Android browsers, and many other things.
OpenSSL and SecureTransport encrypt connections to online banking, webmail, and other HTTPS websites, and so much else on the internet, to thwart eavesdroppers.