Attack on Encrypted Communications with FREAK Vulnerability

A newly discovered vulnerability in the SSL and TLS cryptographic protocols could allow attackers to intercept and decrypt communications between affected clients and servers. Dubbed the “FREAK” vulnerability, it facilitates man-in-the-middle (MITM) attacks against secure connections where the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or uses an older, unpatched version of OpenSSL. Once the encryption is broken by the attackers, they could steal passwords and other personal information and potentially launch further attacks against the website.

Read more at: Symantec Security Response Blog

It is recommended that all users upgrade their browsers and smartphone OS to the latest version. In operating the CloudGate service, we always keep our workstations and servers updated with the latest stable versions. Our web services have always been operated with TLS export cipher suites disabled. There have been no reports of FREAK-related attacks on CloudGate.
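To audit for the condition described above (a client offering, or a server selecting, an RSA_EXPORT suite), captured TLS hello records can be checked offline. The following is an added example, not code from CloudGate or Symantec; the function names and sample records are constructed for illustration. It assumes one unfragmented hello per record and covers only the three RSA_EXPORT suites defined in RFC 2246.

```python
import struct

# RSA_EXPORT suites defined in RFC 2246 (40-bit ciphers, export-grade RSA key exchange).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
CLIENT_HELLO, SERVER_HELLO = 1, 2

def hello_suites(record: bytes):
    """Return (handshake type, cipher suite ids) from one unfragmented TLS hello record."""
    if len(record) < 9 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs_type = record[5]
    msg = record[9:9 + int.from_bytes(record[6:9], "big")]
    if hs_type not in (CLIENT_HELLO, SERVER_HELLO) or len(msg) < 35:
        raise ValueError("not a complete ClientHello/ServerHello")
    pos = 35 + msg[34]                       # skip version, random, session_id
    if hs_type == SERVER_HELLO:
        want = 2
        raw = msg[pos:pos + 2]               # the single suite the server selected
    else:
        want = int.from_bytes(msg[pos:pos + 2], "big")
        raw = msg[pos + 2:pos + 2 + want]    # the list the client offers
    if want == 0 or want % 2 or len(raw) != want:
        raise ValueError("truncated cipher suite field")
    return hs_type, list(struct.unpack(f"!{want // 2}H", raw))

def export_findings(record: bytes):
    """List the RSA_EXPORT suites a client offers or a server selects."""
    hs_type, suites = hello_suites(record)
    role = "client offers" if hs_type == CLIENT_HELLO else "server selected"
    return [f"{role} {RSA_EXPORT_SUITES[s]}" for s in suites if s in RSA_EXPORT_SUITES]

def sample_hello(hs_type: int, suites: bytes) -> bytes:
    """Build a constructed TLS 1.0 hello record (zero random, empty session_id)."""
    if hs_type == CLIENT_HELLO:
        suites = struct.pack("!H", len(suites)) + suites + b"\x01"  # compression list length
    msg = b"\x03\x01" + bytes(32) + b"\x00" + suites + b"\x00"      # null compression
    hs = bytes([hs_type]) + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    # Constructed samples: a client offering one export suite, a server selecting it.
    print(export_findings(sample_hello(CLIENT_HELLO, bytes.fromhex("c02f002f0003"))))
    print(export_findings(sample_hello(SERVER_HELLO, bytes.fromhex("0003"))))
```

An empty result for a server's ServerHello is consistent with export suites being disabled for that handshake; it does not by itself prove the server would refuse an export-only ClientHello.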