The FREAK Attack — what it means for you

You may have heard about a newly disclosed FREAK vulnerability in OpenSSL clients. This vulnerability affects the way client browsers handle an old encryption algorithm(“RSA_EXPORT”), and it’s reportedly affecting about 37% of the Internet’s trusted websites.

We have investigated and checked our services to make sure Intermedia does not support “RSA_EXPORT” ciphers, and we haven’t found any issues. As part of our ongoing vulnerability management process, we regularly scan and review our services from the Internet to “see” what they look like to an outsider, including the encryption algorithms we support. We removed the option to support encryption mechanisms like this a long time ago.

As for your personal devices, there are known vulnerabilities that exist in the browsers of Android and iPhones, as well as Safari web browsers. This is a great lesson in making sure you stay current on the software updates to your personal computers and phones.

Knowing this vulnerability is out there, we recommend that you refrain from doing any online banking or visiting other important websites from any open WiFi hotspots like airports or coffee shops, where the likelihood of an attacker snooping on your connection and performing a “man in the middle” attack may be higher.

If you are away from the office and using an untrusted Internet connection, be sure to use your VPN; it acts like a protection layer around your entire connection, encrypting all communications.

More information about the FREAK attack can be found below.

http://www.washingtonpost.com/blogs/the-switch/wp/2015/03/03/freak-flaw-undermines-security-for-apple-and-google-users-researchers-discover/

http://blog.cryptographyengineering.com/

https://freakattack.com/

About Ryan Barrett

Ryan is Intermedia's Vice President for Security and Privacy.