PATCH FREAK NOW: Cloud providers faulted for slow response

Hundreds of cloud providers are still vulnerable to the serious FREAK cryptographic vulnerability. Skyhigh Networks found that 766 cloud services are still at risk 24 hours after FREAK was made public, based on an analysis of more than 10,000 different services. The average company is using 122 potentially vulnerable services …


Vulnerabilities and their names/websites

If not serious enough, think of a serious name, register a website for it. That will get the media to copy....

Red Hat upgraded it from low to medium risk now, yes it's a bug but nowhere near some other recent scary bugs.


Patch?

I think "Patch" implies that the software binary needs to be updated in the cloud providers. That's misleading.

The bug is in the browsers. If the server is CONFIGURED to allow weak ciphers to be negotiated then a man-in-the-middle attack can be used to force a buggy browser to negotiate a weak cipher even if it is configured not to.

The server can prevent this from happening by a configuration change only. Of course removing support for weak ciphers in future releases is also a good idea. It also means that it's even more unforgivable that services are still accepting these obsolete ciphers because it just means nobody bothered to change a config file.

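The server-side configuration check described in the comment above, as an added example that is not part of the thread or of any vendor's tooling. It assumes the server takes OpenSSL-style cipher strings through nginx `ssl_ciphers` or Apache `SSLCipherSuite` directives (neither is named on the page), implements only a subset of the cipher-string syntax, and errs toward flagging; the sample config is constructed.

```python
import re

# Tokens that remove every export-grade suite when prefixed with '!' or '-'.
WHOLE_CLASS = {"EXP", "EXPORT", "ALL"}
# Assumption: aliases that also matched export suites on OpenSSL builds that
# still compiled them in; combining one with a strength class rules them out.
BROAD_ALIASES = {"ALL", "DEFAULT", "RSA", "kRSA", "RC4", "DES", "MD5"}
STRENGTH = {"HIGH", "MEDIUM", "LOW"}
DIRECTIVE = re.compile(r"^\s*(ssl_ciphers|SSLCipherSuite)\s+(.+?);?\s*$")


def export_status(cipher_string):
    """Classify export suites as 'blocked', 'selectable' or 'not selected'."""
    selectable = False
    for token in re.findall(r"[^:, \"']+", cipher_string):
        op = token[0] if token[0] in "!-+" else ""
        name = token[len(op):]
        parts = set(name.split("+"))  # '+' inside a token intersects classes
        if op == "!" and name in WHOLE_CLASS:
            return "blocked"          # '!' is permanent, whatever the order
        if op == "-" and name in WHOLE_CLASS:
            selectable = False        # removed, but a later token can re-add
        elif op == "" and not parts & STRENGTH and (
                any(p.startswith("EXP") for p in parts) or parts & BROAD_ALIASES):
            selectable = True
    return "selectable" if selectable else "not selected"


def audit(config_text):
    """Return (line_no, directive, status) for each cipher directive found."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if m:
            findings.append((no, m.group(1), export_status(m.group(2))))
    return findings


SAMPLE = """\
# constructed sample config lines, not taken from the page
ssl_ciphers ALL:!aNULL:!eNULL;
ssl_ciphers HIGH:!aNULL:!MD5;
SSLCipherSuite ALL:!EXPORT:!aNULL:!eNULL
SSLCipherSuite HIGH:MEDIUM:EXP-RC4-MD5
ssl_ciphers "ALL:-EXP:RC4";
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

A "selectable" result means the string leaves export suites available to the TLS library, so the directive needs an explicit `!EXPORT`; the last sample line shows why `-EXP` alone is not enough.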
Anonymous Coward

Re: Patch?

A patch is a patch, regardless if its victim is a binary or text file....but I know what you mean.

Anyways, just how much of this "cloud" is yours when you can't configure this yourself? I *thought* you had full control over your "cloud"? Why would you want a "cloud" otherwise...just storage?
