SlideShare a Scribd company logo

Symantec Freak Vulnerability Infographic

Symantec
Symantec

The Freak vulnerability targets weak cryptography and enables attacks against some secure connections.

1 of 1
Download to read offline
@threatintel | www.symantec.com #FREAK FREAK TARGETS WEAK CRYPTO LATEST SSL VULNERABILITY ENABLES ATTACKS AGAINST SOME SECURE CONNECTIONS CLIENT PRECAUTIONS User: Use non-vulnerable browser (Chrome, Firefox) Admin: Disable support for weak cipher suites such as export grade encryption REMEMBER TO UPGRADE SOFTWARE WHEN PATCHES BECOME AVAILABLE SOME BROWSERS CAN BE FORCED TO USE WEAK EXPORT GRADE KEYS MAN-IN-THE-MIDDLE ATTACK FORCE DOWNGRADE ENCRYPTION FROM STRONG TO EXPORT GRADE (<= 512 BIT) EXPORT GRADE ENCRYPTION <= 512 BIT KEYS 512 BIT TOO WEAK 7 HOURS IS ALL IT TAKES TO CRACK A 512 BIT ENCRYPTION KEY (Using < 100 typical PC’s) TIMELINE OF SSL/TLS INSECURITY 1990s 512 bit export grade encryption key size was considered acceptable for public use but still allowed governments to decrypt communications if needed. 2000s (EARLY) Relaxation of controls on non-military grade cryptography. 1024 bit keys widely used and considered safe. 2013 Certificate Authority/Browser Forum increases the key size for Root CA certs. Baseline requirements jump from 1024 bits to 2048 bits. This should provide security headroom…for a while. 2014 • HEARTBLEED – SSL information leak vulnerability affecting many SSL implementations. • POODLE – SSL encryption downgrade dance can allow attackers to force weaker encryption on SSL connections which can then be cracked/hijacked. • FREAK – Discovery of FREAK vulnerability, affecting many server implementations and browsers, could allow for multiple attack scenarios. SOME SERVERS STILL SUPPORT EXPORT GRADE CIPHER SUITES SERVER RAPIDLY INCREASING PROCESSING POWER MEANS WHAT WAS CONSIDERED SECURE IN THE 90s IS NO LONGER SECURE NOW MOORE’S LAW Sources: https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States#Current_status https://www.cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf http://www.symantec.com/connect/blogs/heartbleed-bug-poses-serious-threat-unpatched-servers http://www.symantec.com/connect/blogs/poodle-vulnerability-old-version-ssl-represents-new-threat

Recommended

[CB19] Hardware Wallet Security
[CB19] Hardware Wallet Security[CB19] Hardware Wallet Security
[CB19] Hardware Wallet Security
CODE BLUE
 
IoT security
IoT securityIoT security
IoT security
Abhishek Dwivedi
 
Covid 19 staying cyber secure
Covid 19 staying cyber secureCovid 19 staying cyber secure
Covid 19 staying cyber secure
mascot4u
 
Necto 16 training 18 access security
Necto 16 training 18 access securityNecto 16 training 18 access security
Necto 16 training 18 access security
Panorama Software
 
Exploits
ExploitsExploits
Exploits
Tylor Shellenberger
 
Vpn presnt
Vpn presntVpn presnt
Vpn presnt
Frikha Nour
 
Week13pre
Week13preWeek13pre
Week13pre
s1160072
 
Rivetz Corp. - Building the hardware protected wallet
Rivetz Corp. - Building the hardware protected walletRivetz Corp. - Building the hardware protected wallet
Rivetz Corp. - Building the hardware protected wallet
Steven Sprague
 

Recommended

[CB19] Hardware Wallet Security
[CB19] Hardware Wallet Security[CB19] Hardware Wallet Security
[CB19] Hardware Wallet Security
CODE BLUE
 
IoT security
IoT securityIoT security
IoT security
Abhishek Dwivedi
 
Covid 19 staying cyber secure
Covid 19 staying cyber secureCovid 19 staying cyber secure
Covid 19 staying cyber secure
mascot4u
 
Necto 16 training 18 access security
Necto 16 training 18 access securityNecto 16 training 18 access security
Necto 16 training 18 access security
Panorama Software
 
Exploits
ExploitsExploits
Exploits
Tylor Shellenberger
 
Vpn presnt
Vpn presntVpn presnt
Vpn presnt
Frikha Nour
 
Week13pre
Week13preWeek13pre
Week13pre
s1160072
 
Rivetz Corp. - Building the hardware protected wallet
Rivetz Corp. - Building the hardware protected walletRivetz Corp. - Building the hardware protected wallet
Rivetz Corp. - Building the hardware protected wallet
Steven Sprague
 
Attack presentation
Attack presentationAttack presentation
Attack presentation
Frikha Nour
 
Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionage
Muts Byte
 
Ransomware is Coming to a Desktop Near You
Ransomware is Coming to a Desktop Near YouRansomware is Coming to a Desktop Near You
Ransomware is Coming to a Desktop Near You
Cybereason
 
Evil Twin
Evil TwinEvil Twin
Evil Twin
n|u - The Open Security Community
 
WiFi security
WiFi security WiFi security
WiFi security
Ihor Uzhvenko
 
Debugging 2013- Fredrik simonsson
Debugging 2013- Fredrik simonssonDebugging 2013- Fredrik simonsson
Debugging 2013- Fredrik simonsson
Mediehuset Ingeniøren Live
 
Keyloggers
KeyloggersKeyloggers
Keyloggers
kdore
 
WHONIX OS
WHONIX OSWHONIX OS
WHONIX OS
Akshay Vasava
 
Internet security
Internet securityInternet security
Internet security
Antony Mathew
 
VenkaSure Total Security+
VenkaSure Total Security+VenkaSure Total Security+
VenkaSure Total Security+
Venkasys Technologies Pvt. Ltd.
 
Understanding Keylogger
Understanding KeyloggerUnderstanding Keylogger
Understanding Keylogger
Phannarith Ou, G-CISO
 
The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
Linaro
 
勒索軟體態勢與應措
勒索軟體態勢與應措勒索軟體態勢與應措
勒索軟體態勢與應措
jack51706
 
Network Security
Network SecurityNetwork Security
Network SecurityAngie Perez (LION)
 
Keyloger & spyware
Keyloger & spyware Keyloger & spyware
Keyloger & spyware
KashifKhan417
 
BOTNET
BOTNETBOTNET
BOTNET
SOHITGOBINDAMSHAW
 
What is keylogger
What is keyloggerWhat is keylogger
What is keylogger
hilarypark97
 
1. Mobile Application (In)security
1. Mobile Application (In)security1. Mobile Application (In)security
1. Mobile Application (In)security
Sam Bowne
 
Telehack: May the Command Line Live Forever
Telehack: May the Command Line Live ForeverTelehack: May the Command Line Live Forever
Telehack: May the Command Line Live Forever
Gregory Hanis
 
CCNP Switching Chapter 10
CCNP Switching Chapter 10CCNP Switching Chapter 10
CCNP Switching Chapter 10
Chaing Ravuth
 
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAMCómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Mundo Contact
 
WebRTC Security
WebRTC SecurityWebRTC Security
WebRTC Security
Alex Hunte
 

More Related Content

What's hot

Attack presentation
Attack presentationAttack presentation
Attack presentation
Frikha Nour
 
Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionage
Muts Byte
 
Ransomware is Coming to a Desktop Near You
Ransomware is Coming to a Desktop Near YouRansomware is Coming to a Desktop Near You
Ransomware is Coming to a Desktop Near You
Cybereason
 
Evil Twin
Evil TwinEvil Twin
Evil Twin
n|u - The Open Security Community
 
WiFi security
WiFi security WiFi security
WiFi security
Ihor Uzhvenko
 
Debugging 2013- Fredrik simonsson
Debugging 2013- Fredrik simonssonDebugging 2013- Fredrik simonsson
Debugging 2013- Fredrik simonsson
Mediehuset Ingeniøren Live
 
Keyloggers
KeyloggersKeyloggers
Keyloggers
kdore
 
WHONIX OS
WHONIX OSWHONIX OS
WHONIX OS
Akshay Vasava
 
Internet security
Internet securityInternet security
Internet security
Antony Mathew
 
VenkaSure Total Security+
VenkaSure Total Security+VenkaSure Total Security+
VenkaSure Total Security+
Venkasys Technologies Pvt. Ltd.
 
Understanding Keylogger
Understanding KeyloggerUnderstanding Keylogger
Understanding Keylogger
Phannarith Ou, G-CISO
 
The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
Linaro
 
勒索軟體態勢與應措
勒索軟體態勢與應措勒索軟體態勢與應措
勒索軟體態勢與應措
jack51706
 
Keyloger & spyware
Keyloger & spyware Keyloger & spyware
Keyloger & spyware
KashifKhan417
 
BOTNET
BOTNETBOTNET
BOTNET
SOHITGOBINDAMSHAW
 
What is keylogger
What is keyloggerWhat is keylogger
What is keylogger
hilarypark97
 
1. Mobile Application (In)security
1. Mobile Application (In)security1. Mobile Application (In)security
1. Mobile Application (In)security
Sam Bowne
 
Telehack: May the Command Line Live Forever
Telehack: May the Command Line Live ForeverTelehack: May the Command Line Live Forever
Telehack: May the Command Line Live Forever
Gregory Hanis
 

What's hot (19)

Attack presentation
Attack presentationAttack presentation
Attack presentation
 
Embedded government espionage
Embedded government espionageEmbedded government espionage
Embedded government espionage
 
Ransomware is Coming to a Desktop Near You
Ransomware is Coming to a Desktop Near YouRansomware is Coming to a Desktop Near You
Ransomware is Coming to a Desktop Near You
 
Evil Twin
Evil TwinEvil Twin
Evil Twin
 
WiFi security
WiFi security WiFi security
WiFi security
 
Debugging 2013- Fredrik simonsson
Debugging 2013- Fredrik simonssonDebugging 2013- Fredrik simonsson
Debugging 2013- Fredrik simonsson
 
Keyloggers
KeyloggersKeyloggers
Keyloggers
 
WHONIX OS
WHONIX OSWHONIX OS
WHONIX OS
 
Internet security
Internet securityInternet security
Internet security
 
VenkaSure Total Security+
VenkaSure Total Security+VenkaSure Total Security+
VenkaSure Total Security+
 
Understanding Keylogger
Understanding KeyloggerUnderstanding Keylogger
Understanding Keylogger
 
The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SF...
 
勒索軟體態勢與應措
勒索軟體態勢與應措勒索軟體態勢與應措
勒索軟體態勢與應措
 
Network Security
Network SecurityNetwork Security
Network Security
 
Keyloger & spyware
Keyloger & spyware Keyloger & spyware
Keyloger & spyware
 
BOTNET
BOTNETBOTNET
BOTNET
 
What is keylogger
What is keyloggerWhat is keylogger
What is keylogger
 
1. Mobile Application (In)security
1. Mobile Application (In)security1. Mobile Application (In)security
1. Mobile Application (In)security
 
Telehack: May the Command Line Live Forever
Telehack: May the Command Line Live ForeverTelehack: May the Command Line Live Forever
Telehack: May the Command Line Live Forever
 

Similar to Symantec Freak Vulnerability Infographic

CCNP Switching Chapter 10
CCNP Switching Chapter 10CCNP Switching Chapter 10
CCNP Switching Chapter 10
Chaing Ravuth
 
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAMCómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Mundo Contact
 
WebRTC Security
WebRTC SecurityWebRTC Security
WebRTC Security
Alex Hunte
 
Security and identity management on WebRTC
Security and identity management on WebRTCSecurity and identity management on WebRTC
Security and identity management on WebRTC
Quobis
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...
Black Duck by Synopsys
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...
Tim Mackey
 
Offline attacks-and-hard-disk-encription
Offline attacks-and-hard-disk-encriptionOffline attacks-and-hard-disk-encription
Offline attacks-and-hard-disk-encription
malvvv
 
Information Security Engineering
Information Security EngineeringInformation Security Engineering
Information Security Engineering
Md. Hasan Basri (Angel)
 
Security and Linux Security
Security and Linux SecuritySecurity and Linux Security
Security and Linux Security
Rizky Ariestiyansyah
 
Common crypto attacks and secure implementations
Common crypto attacks and secure implementationsCommon crypto attacks and secure implementations
Common crypto attacks and secure implementations
Trupti Shiralkar, CISSP
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryption
ADVA
 
BKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T SystemsBKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T Systems
Linaro
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present Dangers
Peter Wood
 
Remote Login- Noesis
Remote Login- NoesisRemote Login- Noesis
Remote Login- NoesisSourav Roy
 
PLNOG16: DNS – przyjaciel e-szpiegów i e-złodziei. Analityka w służbie jej DN...
PLNOG16: DNS – przyjaciel e-szpiegów i e-złodziei. Analityka w służbie jej DN...PLNOG16: DNS – przyjaciel e-szpiegów i e-złodziei. Analityka w służbie jej DN...
PLNOG16: DNS – przyjaciel e-szpiegów i e-złodziei. Analityka w służbie jej DN...
PROIDEA
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
Muhammad Moinur Rahman
 
Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018
African Cyber Security Summit
 

Similar to Symantec Freak Vulnerability Infographic (20)

CCNP Switching Chapter 10
CCNP Switching Chapter 10CCNP Switching Chapter 10
CCNP Switching Chapter 10
 
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAMCómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
 
WebRTC Security
WebRTC SecurityWebRTC Security
WebRTC Security
 
Security and identity management on WebRTC
Security and identity management on WebRTCSecurity and identity management on WebRTC
Security and identity management on WebRTC
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...
 
Offline attacks-and-hard-disk-encription
Offline attacks-and-hard-disk-encriptionOffline attacks-and-hard-disk-encription
Offline attacks-and-hard-disk-encription
 
Information Security Engineering
Information Security EngineeringInformation Security Engineering
Information Security Engineering
 
Security and Linux Security
Security and Linux SecuritySecurity and Linux Security
Security and Linux Security
 
Common crypto attacks and secure implementations
Common crypto attacks and secure implementationsCommon crypto attacks and secure implementations
Common crypto attacks and secure implementations
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryption
 
Windows network
Windows networkWindows network
Windows network
 
BKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T SystemsBKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T Systems
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present Dangers
 
Remote Login- Noesis
Remote Login- NoesisRemote Login- Noesis
Remote Login- Noesis
 
PLNOG16: DNS – przyjaciel e-szpiegów i e-złodziei. Analityka w służbie jej DN...
PLNOG16: DNS – przyjaciel e-szpiegów i e-złodziei. Analityka w służbie jej DN...PLNOG16: DNS – przyjaciel e-szpiegów i e-złodziei. Analityka w służbie jej DN...
PLNOG16: DNS – przyjaciel e-szpiegów i e-złodziei. Analityka w służbie jej DN...
 
F5 DDoS Protection
F5 DDoS ProtectionF5 DDoS Protection
F5 DDoS Protection
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
 
Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018
 
Windows network security
Windows network securityWindows network security
Windows network security
 

More from Symantec

Symantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of BroadcomSymantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of Broadcom
Symantec
 
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec
 
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect ITSymantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec
 
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure ITSymantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec
 
Symantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own ITSymantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security Webinar
Symantec
 
Symantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat Report
Symantec
 
Symantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec Cloud Security Threat Report
Symantec Cloud Security Threat Report
Symantec
 
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB ProjectsSymantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB Projects
Symantec
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec
 
Symantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year On
Symantec
 
Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019
Symantec
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec
 
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec
 

More from Symantec (20)

Symantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of BroadcomSymantec Enterprise Security Products are now part of Broadcom
Symantec Enterprise Security Products are now part of Broadcom
 
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
 
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect ITSymantec Webinar | National Cyber Security Awareness Month: Protect IT
Symantec Webinar | National Cyber Security Awareness Month: Protect IT
 
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure ITSymantec Webinar | National Cyber Security Awareness Month: Secure IT
Symantec Webinar | National Cyber Security Awareness Month: Secure IT
 
Symantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own ITSymantec Webinar | National Cyber Security Awareness Month - Own IT
Symantec Webinar | National Cyber Security Awareness Month - Own IT
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
 
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CKSymantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security Webinar
 
Symantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat Report
 
Symantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec Cloud Security Threat Report
Symantec Cloud Security Threat Report
 
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB ProjectsSymantec Webinar | Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB Projects
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
 
Symantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year On
 
Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front Lines
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
 
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
 

Recently uploaded

Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
Cynthia Clay
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
agatadrynko
 
Cracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptxCracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptx
Workforce Group
 
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Lviv Startup Club
 
5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer
ofm712785
 
Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...
dylandmeas
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
LR1709MUSIC
 
Sustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & EconomySustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & Economy
Operational Excellence Consulting
 
Enterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdfEnterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdf
KaiNexus
 
Skye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto AirportSkye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto Airport
marketingjdass
 
BeMetals Presentation_May_22_2024 .pdf
BeMetals Presentation_May_22_2024 .pdfBeMetals Presentation_May_22_2024 .pdf
BeMetals Presentation_May_22_2024 .pdf
DerekIwanaka1
 
anas about venice for grade 6f about venice
anas about venice for grade 6f about veniceanas about venice for grade 6f about venice
anas about venice for grade 6f about venice
anasabutalha2013
 
Improving profitability for small business
Improving profitability for small businessImproving profitability for small business
Improving profitability for small business
Ben Wann
 
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
BBPMedia1
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Avirahi City Dholera
 
Exploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social DreamingExploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social Dreaming
Nicola Wreford-Howard
 
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdfMeas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
dylandmeas
 
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdfSearch Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Arihant Webtech Pvt. Ltd
 
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-indiafalcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
Falcon Invoice Discounting
 
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
BBPMedia1
 

Recently uploaded (20)

Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
 
Cracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptxCracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptx
 
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)
 
5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer
 
Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
 
Sustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & EconomySustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & Economy
 
Enterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdfEnterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdf
 
Skye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto AirportSkye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto Airport
 
BeMetals Presentation_May_22_2024 .pdf
BeMetals Presentation_May_22_2024 .pdfBeMetals Presentation_May_22_2024 .pdf
BeMetals Presentation_May_22_2024 .pdf
 
anas about venice for grade 6f about venice
anas about venice for grade 6f about veniceanas about venice for grade 6f about venice
anas about venice for grade 6f about venice
 
Improving profitability for small business
Improving profitability for small businessImproving profitability for small business
Improving profitability for small business
 
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
 
Exploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social DreamingExploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social Dreaming
 
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdfMeas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
 
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdfSearch Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
 
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-indiafalcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
 
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
 

Symantec Freak Vulnerability Infographic

  • 1. @threatintel | www.symantec.com #FREAK FREAK TARGETS WEAK CRYPTO LATEST SSL VULNERABILITY ENABLES ATTACKS AGAINST SOME SECURE CONNECTIONS CLIENT PRECAUTIONS User: Use non-vulnerable browser (Chrome, Firefox) Admin: Disable support for weak cipher suites such as export grade encryption REMEMBER TO UPGRADE SOFTWARE WHEN PATCHES BECOME AVAILABLE SOME BROWSERS CAN BE FORCED TO USE WEAK EXPORT GRADE KEYS MAN-IN-THE-MIDDLE ATTACK FORCE DOWNGRADE ENCRYPTION FROM STRONG TO EXPORT GRADE (<= 512 BIT) EXPORT GRADE ENCRYPTION <= 512 BIT KEYS 512 BIT TOO WEAK 7 HOURS IS ALL IT TAKES TO CRACK A 512 BIT ENCRYPTION KEY (Using < 100 typical PC’s) TIMELINE OF SSL/TLS INSECURITY 1990s 512 bit export grade encryption key size was considered acceptable for public use but still allowed governments to decrypt communications if needed. 2000s (EARLY) Relaxation of controls on non-military grade cryptography. 1024 bit keys widely used and considered safe. 2013 Certificate Authority/Browser Forum increases the key size for Root CA certs. Baseline requirements jump from 1024 bits to 2048 bits. This should provide security headroom…for a while. 2014 • HEARTBLEED – SSL information leak vulnerability affecting many SSL implementations. • POODLE – SSL encryption downgrade dance can allow attackers to force weaker encryption on SSL connections which can then be cracked/hijacked. • FREAK – Discovery of FREAK vulnerability, affecting many server implementations and browsers, could allow for multiple attack scenarios. SOME SERVERS STILL SUPPORT EXPORT GRADE CIPHER SUITES SERVER RAPIDLY INCREASING PROCESSING POWER MEANS WHAT WAS CONSIDERED SECURE IN THE 90s IS NO LONGER SECURE NOW MOORE’S LAW Sources: https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States#Current_status https://www.cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf http://www.symantec.com/connect/blogs/heartbleed-bug-poses-serious-threat-unpatched-servers http://www.symantec.com/connect/blogs/poodle-vulnerability-old-version-ssl-represents-new-threat