Internet community freaks out: THE NEW FREAK SSL EXPLOIT



The new FREAK attack, which could possibly be a major threat to online security, is all over the news because it has proven potentially dangerous and capable of damage.

The 2014 mega-disaster, the 'Heartbleed' SSL crisis, still sends shivers down our spines. It mainly targeted servers and was a server-side attack. FREAK, on the other hand, affects not only servers but also browsers, and could reach a large-scale audience worldwide. Heartbleed was dealt with by putting out an emergency patch to the OpenSSL cryptography library.

The irony here is that the same researchers who found 'Heartbleed' have now found the FREAK attack. FREAK is essentially a man-in-the-middle attack on the SSL/TLS protocol, which is currently one of the most advanced protocols for communication.

The attack relies on a very old cipher suite known as RSA_EXPORT. The attacker becomes a middleman between the client and the server and requests that the server send data using the outdated cipher, which is then fairly easy to break. It attempts to cheat the browser in a similar manner, but that only works if the browser is susceptible to "CVE-2015-0204", which is highly unlikely.
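
The server side of the downgrade described above, as an added example that is not part of the original post: it shows why a server that still enables RSA_EXPORT suites will negotiate one when the ClientHello it receives offers nothing else, and how removing them turns the same request into a failed handshake. The suite code points are the IANA-assigned values; the ClientHello bytes, server preference lists and function names are constructed for illustration.

```python
# IANA code points of the RSA export-grade suites FREAK downgrades to.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def parse_cipher_suites(vector):
    """Decode a ClientHello cipher_suites vector: 2-byte length, then 2-byte IDs."""
    if len(vector) < 2:
        raise ValueError("truncated cipher_suites vector")
    length = int.from_bytes(vector[:2], "big")
    body = vector[2:]
    if length != len(body) or length % 2:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(body[i:i + 2], "big") for i in range(0, length, 2)]

def server_select(server_prefs, offered):
    """First server-preferred suite the client offered, or None (handshake failure)."""
    return next((s for s in server_prefs if s in offered), None)

def audit(server_prefs):
    """Names of RSA export suites still enabled in a server's suite list."""
    return [RSA_EXPORT_SUITES[s] for s in server_prefs if s in RSA_EXPORT_SUITES]

# Constructed sample data (not captured traffic).
GENUINE_HELLO = bytes.fromhex("0004" "002f" "0035")  # AES128-SHA, AES256-SHA
TAMPERED_HELLO = bytes.fromhex("0002" "0003")        # rewritten in transit: export only
WEAK_SERVER = [0x0035, 0x002F, 0x0003]               # export suite still enabled
HARDENED_SERVER = [0x0035, 0x002F]                   # export suites removed

if __name__ == "__main__":
    for label, prefs in (("weak", WEAK_SERVER), ("hardened", HARDENED_SERVER)):
        chosen = server_select(prefs, parse_cipher_suites(TAMPERED_HELLO))
        print(label, "server ->", RSA_EXPORT_SUITES.get(chosen, "handshake failure"),
              "| export suites enabled:", audit(prefs))
```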

For now, all the major browsers except Safari and the stock Android browsers are fairly secure from the danger. Several banking and US Government websites have been exposed to the bug. No major attempts at exploitation for malicious purposes have been reported so far. Apple is gonna update its devices as soon as possible to fix the vulnerabilities.

Visit freakattack.com to check whether your browser is secure or not.
Also, start strengthening your digital security. Better safe than sorry.