Evaluate Websense products by watching demos and installing evaluation software.
Learn More >
Learn how Websense solutions help keep our customer safe, secure and productive.
Get information on product updates, support resources and more.
Get the most out of support in five simple steps.
Find tools and assets to help sell Websense solutions.
SSL, widely adopted and living on borrowed time, has clearly had a rough year. After Heartbleed, Poodle, and many other high-profile vulnerabilities comes FREAK (Factoring attack on RSA-EXPORT Keys), which at the time of publication of this blog breaks approximately 36% of all sites trusted by browsers as per this link including websites belonging to the NSA and FBI. About 12% of high ranked Alexa websites are also believed to be vulnerable to the flaw at this time, thereby placing visitors to these sites at high risk.
The vulnerability, discovered by Karthikeyan Bhargavan at INRIA in Paris and the mitLS team allows an active attacker to perform a man-in-the-middle attack by downgrading the encrypted connection between a vulnerable client and a server that accepts export-grade RSA keys to 512-bits. The captured key can then be factored using the public cloud in a matter of hours and further be used for decryption of communication between the client and the server. Once the key has been compromised, all personal information including passwords, financial data, etc. is at risk.
Follow us on SpiceWorks
We want to hear from you!