Last week saw one more security attack. It was named as the "FREAK" attack and is basically an MITM (Man In The Middle) attack which targets the "downgrade to weaker algorithm" property. It downgrades to export grade algorithm. As a countermeasure to this attack, the support for export cipher suites has to be disabled. Several write-ups are worth mentioning and the readers are suggested to go through each of the links mentioned in the references below in detail.
References:
- https://www.smacktls.com/#freak
- https://freakattack.com/
- Blog by Matthew Green
- CVE
- Washington post
- Quora post
