SlideShare a Scribd company logo

Symantec Freak Vulnerability Infographic

Symantec
Symantec

The Freak vulnerability targets weak cryptography and enables attacks against some secure connections.

Business
1 of 1
Download to read offline
@threatintel | www.symantec.com #FREAK FREAK TARGETS WEAK CRYPTO LATEST SSL VULNERABILITY ENABLES ATTACKS AGAINST SOME SECURE CONNECTIONS CLIENT PRECAUTIONS User: Use non-vulnerable browser (Chrome, Firefox) Admin: Disable support for weak cipher suites such as export grade encryption REMEMBER TO UPGRADE SOFTWARE WHEN PATCHES BECOME AVAILABLE SOME BROWSERS CAN BE FORCED TO USE WEAK EXPORT GRADE KEYS MAN-IN-THE-MIDDLE ATTACK FORCE DOWNGRADE ENCRYPTION FROM STRONG TO EXPORT GRADE (<= 512 BIT) EXPORT GRADE ENCRYPTION <= 512 BIT KEYS 512 BIT TOO WEAK 7 HOURS IS ALL IT TAKES TO CRACK A 512 BIT ENCRYPTION KEY (Using < 100 typical PC’s) TIMELINE OF SSL/TLS INSECURITY 1990s 512 bit export grade encryption key size was considered acceptable for public use but still allowed governments to decrypt communications if needed. 2000s (EARLY) Relaxation of controls on non-military grade cryptography. 1024 bit keys widely used and considered safe. 2013 Certificate Authority/Browser Forum increases the key size for Root CA certs. Baseline requirements jump from 1024 bits to 2048 bits. This should provide security headroom…for a while. 2014 • HEARTBLEED – SSL information leak vulnerability affecting many SSL implementations. • POODLE – SSL encryption downgrade dance can allow attackers to force weaker encryption on SSL connections which can then be cracked/hijacked. • FREAK – Discovery of FREAK vulnerability, affecting many server implementations and browsers, could allow for multiple attack scenarios. SOME SERVERS STILL SUPPORT EXPORT GRADE CIPHER SUITES SERVER RAPIDLY INCREASING PROCESSING POWER MEANS WHAT WAS CONSIDERED SECURE IN THE 90s IS NO LONGER SECURE NOW MOORE’S LAW Sources: https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States#Current_status https://www.cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf http://www.symantec.com/connect/blogs/heartbleed-bug-poses-serious-threat-unpatched-servers http://www.symantec.com/connect/blogs/poodle-vulnerability-old-version-ssl-represents-new-threat

Recommended

[CB19] Hardware Wallet Security
[CB19] Hardware Wallet Security[CB19] Hardware Wallet Security
[CB19] Hardware Wallet Security
CODE BLUE
 
IoT security
IoT securityIoT security
IoT security
Abhishek Dwivedi
 
Covid 19 staying cyber secure
Covid 19 staying cyber secureCovid 19 staying cyber secure
Covid 19 staying cyber secure
mascot4u
 
Necto 16 training 18 access security
Necto 16 training 18 access securityNecto 16 training 18 access security
Necto 16 training 18 access security
Panorama Software
 
Exploits
ExploitsExploits
Exploits
Tylor Shellenberger
 
Vpn presnt
Vpn presntVpn presnt
Vpn presnt
Frikha Nour
 
Week13pre
Week13preWeek13pre
Week13pre
s1160072
 
Rivetz Corp. - Building the hardware protected wallet
Rivetz Corp. - Building the hardware protected walletRivetz Corp. - Building the hardware protected wallet
Rivetz Corp. - Building the hardware protected wallet
Steven Sprague
 

Recommended

[CB19] Hardware Wallet Security
[CB19] Hardware Wallet Security[CB19] Hardware Wallet Security
[CB19] Hardware Wallet Security
CODE BLUE
 
IoT security
IoT securityIoT security
IoT security
Abhishek Dwivedi
 
Covid 19 staying cyber secure
Covid 19 staying cyber secureCovid 19 staying cyber secure
Covid 19 staying cyber secure
mascot4u
 
Necto 16 training 18 access security
Necto 16 training 18 access securityNecto 16 training 18 access security
Necto 16 training 18 access security
Panorama Software
 
Exploits
ExploitsExploits
Exploits
Tylor Shellenberger
 
Vpn presnt
Vpn presntVpn presnt
Vpn presnt
Frikha Nour
 
Week13pre
Week13preWeek13pre
Week13pre
s1160072
 
Rivetz Corp. - Building the hardware protected wallet
Rivetz Corp. - Building the hardware protected walletRivetz Corp. - Building the hardware protected wallet
Rivetz Corp. - Building the hardware protected wallet
Steven Sprague
 
Attack presentation
Attack presentationAttack presentation
Attack presentation
Frikha Nour
 
Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionage
Muts Byte
 
Ransomware is Coming to a Desktop Near You
Ransomware is Coming to a Desktop Near YouRansomware is Coming to a Desktop Near You
Ransomware is Coming to a Desktop Near You
Cybereason
 
Evil Twin
Evil TwinEvil Twin
Evil Twin
n|u - The Open Security Community
 
WiFi security
WiFi security WiFi security
WiFi security
Ihor Uzhvenko
 
Debugging 2013- Fredrik simonsson
Debugging 2013- Fredrik simonssonDebugging 2013- Fredrik simonsson
Debugging 2013- Fredrik simonsson
Mediehuset Ingeniøren Live
 
Keyloggers
KeyloggersKeyloggers
Keyloggers
kdore
 
WHONIX OS
WHONIX OSWHONIX OS
WHONIX OS
Akshay Vasava
 
Internet security
Internet securityInternet security
Internet security
Antony Mathew
 
VenkaSure Total Security+
VenkaSure Total Security+VenkaSure Total Security+
VenkaSure Total Security+
Venkasys Technologies Pvt. Ltd.
 
Understanding Keylogger
Understanding KeyloggerUnderstanding Keylogger
Understanding Keylogger
Phannarith Ou, G-CISO
 
The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
Linaro
 
勒索軟體態勢與應措
勒索軟體態勢與應措勒索軟體態勢與應措
勒索軟體態勢與應措
jack51706
 
Network Security
Network SecurityNetwork Security
Network Security
Angie Perez (LION)
 
Keyloger & spyware
Keyloger & spyware Keyloger & spyware
Keyloger & spyware
KashifKhan417
 
BOTNET
BOTNETBOTNET
BOTNET
SOHITGOBINDAMSHAW
 
What is keylogger
What is keyloggerWhat is keylogger
What is keylogger
hilarypark97
 
1. Mobile Application (In)security
1. Mobile Application (In)security1. Mobile Application (In)security
1. Mobile Application (In)security
Sam Bowne
 
Telehack: May the Command Line Live Forever
Telehack: May the Command Line Live ForeverTelehack: May the Command Line Live Forever
Telehack: May the Command Line Live Forever
Gregory Hanis
 
CCNP Switching Chapter 10
CCNP Switching Chapter 10CCNP Switching Chapter 10
CCNP Switching Chapter 10
Chaing Ravuth
 
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAMCómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Mundo Contact
 
Security and identity management on WebRTC
Security and identity management on WebRTCSecurity and identity management on WebRTC
Security and identity management on WebRTC
Quobis
 

More Related Content

What's hot

The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
Linaro
 

What's hot (19)

Attack presentation
Attack presentationAttack presentation
Attack presentation
 
Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionage
 
Ransomware is Coming to a Desktop Near You
Ransomware is Coming to a Desktop Near YouRansomware is Coming to a Desktop Near You
Ransomware is Coming to a Desktop Near You
 
Evil Twin
Evil TwinEvil Twin
Evil Twin
 
WiFi security
WiFi security WiFi security
WiFi security
 
Debugging 2013- Fredrik simonsson
Debugging 2013- Fredrik simonssonDebugging 2013- Fredrik simonsson
Debugging 2013- Fredrik simonsson
 
Keyloggers
KeyloggersKeyloggers
Keyloggers
 
WHONIX OS
WHONIX OSWHONIX OS
WHONIX OS
 
Internet security
Internet securityInternet security
Internet security
 
VenkaSure Total Security+
VenkaSure Total Security+VenkaSure Total Security+
VenkaSure Total Security+
 
Understanding Keylogger
Understanding KeyloggerUnderstanding Keylogger
Understanding Keylogger
 
The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
 
勒索軟體態勢與應措
勒索軟體態勢與應措勒索軟體態勢與應措
勒索軟體態勢與應措
 
Network Security
Network SecurityNetwork Security
Network Security
 
Keyloger & spyware
Keyloger & spyware Keyloger & spyware
Keyloger & spyware
 
BOTNET
BOTNETBOTNET
BOTNET
 
What is keylogger
What is keyloggerWhat is keylogger
What is keylogger
 
1. Mobile Application (In)security
1. Mobile Application (In)security1. Mobile Application (In)security
1. Mobile Application (In)security
 
Telehack: May the Command Line Live Forever
Telehack: May the Command Line Live ForeverTelehack: May the Command Line Live Forever
Telehack: May the Command Line Live Forever
 

Similar to Symantec Freak Vulnerability Infographic

Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...
Tim Mackey
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...
Black Duck by Synopsys
 
Offline attacks-and-hard-disk-encription
Offline attacks-and-hard-disk-encriptionOffline attacks-and-hard-disk-encription
Offline attacks-and-hard-disk-encription
malvvv
 
Remote Login- Noesis
Remote Login- NoesisRemote Login- Noesis
Remote Login- Noesis
Sourav Roy
 

Similar to Symantec Freak Vulnerability Infographic (20)

CCNP Switching Chapter 10
CCNP Switching Chapter 10CCNP Switching Chapter 10
CCNP Switching Chapter 10
 
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAMCómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
 
Security and identity management on WebRTC
Security and identity management on WebRTCSecurity and identity management on WebRTC
Security and identity management on WebRTC
 
WebRTC Security
WebRTC SecurityWebRTC Security
WebRTC Security
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...
 
Offline attacks-and-hard-disk-encription
Offline attacks-and-hard-disk-encriptionOffline attacks-and-hard-disk-encription
Offline attacks-and-hard-disk-encription
 
Information Security Engineering
Information Security EngineeringInformation Security Engineering
Information Security Engineering
 
Security and Linux Security
Security and Linux SecuritySecurity and Linux Security
Security and Linux Security
 
Common crypto attacks and secure implementations
Common crypto attacks and secure implementationsCommon crypto attacks and secure implementations
Common crypto attacks and secure implementations
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryption
 
Windows network
Windows networkWindows network
Windows network
 
BKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T SystemsBKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T Systems
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present Dangers
 
Remote Login- Noesis
Remote Login- NoesisRemote Login- Noesis
Remote Login- Noesis
 
PLNOG16: DNS – przyjaciel e-szpiegów i e-złodziei. Analityka w służbie jej DN...
PLNOG16: DNS – przyjaciel e-szpiegów i e-złodziei. Analityka w służbie jej DN...PLNOG16: DNS – przyjaciel e-szpiegów i e-złodziei. Analityka w służbie jej DN...
PLNOG16: DNS – przyjaciel e-szpiegów i e-złodziei. Analityka w służbie jej DN...
 
F5 DDoS Protection
F5 DDoS ProtectionF5 DDoS Protection
F5 DDoS Protection
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
 
Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018
 
Windows network security
Windows network securityWindows network security
Windows network security
 

More from Symantec

More from Symantec (20)

Symantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of BroadcomSymantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of Broadcom
 
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
 
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect ITSymantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
 
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure ITSymantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
 
Symantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own ITSymantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own IT
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security Webinar
 
Symantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat Report
 
Symantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec Cloud Security Threat Report
Symantec Cloud Security Threat Report
 
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB ProjectsSymantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB Projects
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
 
Symantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year On
 
Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front Lines
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
 
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
 

Recently uploaded

Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
amitlee9823
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
ritikaroy0888
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
rajveerescorts2022
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
dlhescort
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
uneakwhite
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
Workforce Group
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Sheetaleventcompany
 
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
amitlee9823
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
kapoorjyoti4444
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
Abortion pills in Kuwait Cytotec pills in Kuwait
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Anamikakaur10
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
Matteo Carbone
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
Aggregage
 

Recently uploaded (20)

Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
 
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 

Symantec Freak Vulnerability Infographic

  • 1. @threatintel | www.symantec.com #FREAK FREAK TARGETS WEAK CRYPTO LATEST SSL VULNERABILITY ENABLES ATTACKS AGAINST SOME SECURE CONNECTIONS CLIENT PRECAUTIONS User: Use non-vulnerable browser (Chrome, Firefox) Admin: Disable support for weak cipher suites such as export grade encryption REMEMBER TO UPGRADE SOFTWARE WHEN PATCHES BECOME AVAILABLE SOME BROWSERS CAN BE FORCED TO USE WEAK EXPORT GRADE KEYS MAN-IN-THE-MIDDLE ATTACK FORCE DOWNGRADE ENCRYPTION FROM STRONG TO EXPORT GRADE (<= 512 BIT) EXPORT GRADE ENCRYPTION <= 512 BIT KEYS 512 BIT TOO WEAK 7 HOURS IS ALL IT TAKES TO CRACK A 512 BIT ENCRYPTION KEY (Using < 100 typical PC’s) TIMELINE OF SSL/TLS INSECURITY 1990s 512 bit export grade encryption key size was considered acceptable for public use but still allowed governments to decrypt communications if needed. 2000s (EARLY) Relaxation of controls on non-military grade cryptography. 1024 bit keys widely used and considered safe. 2013 Certificate Authority/Browser Forum increases the key size for Root CA certs. Baseline requirements jump from 1024 bits to 2048 bits. This should provide security headroom…for a while. 2014 • HEARTBLEED – SSL information leak vulnerability affecting many SSL implementations. • POODLE – SSL encryption downgrade dance can allow attackers to force weaker encryption on SSL connections which can then be cracked/hijacked. • FREAK – Discovery of FREAK vulnerability, affecting many server implementations and browsers, could allow for multiple attack scenarios. SOME SERVERS STILL SUPPORT EXPORT GRADE CIPHER SUITES SERVER RAPIDLY INCREASING PROCESSING POWER MEANS WHAT WAS CONSIDERED SECURE IN THE 90s IS NO LONGER SECURE NOW MOORE’S LAW Sources: https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States#Current_status https://www.cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf http://www.symantec.com/connect/blogs/heartbleed-bug-poses-serious-threat-unpatched-servers http://www.symantec.com/connect/blogs/poodle-vulnerability-old-version-ssl-represents-new-threat