What is the FREAK flaw?

Back in the 90s, the National Security Agency (NSA) wanted to utilize the thrilling new encryption scheme called Secure Sockets Layer (SSL) for communications with the outside world. For this, the NSA was able to bring Netscape onto the same page. Netscape was the leader in the browser business at the time, so it introduced a 40-bit encryption scheme for the International Edition of its software while keeping the 128-bit version for the US. As time went on, new giants emerged in browser software, and from 2000 any browser could use the higher-security encryption that had been reserved for the US only. But browsers continued to carry code supporting 40-bit SSL encryption, which is of course a weak security scheme. And after 15 years, that security loophole is considered to be the biggest threat.
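To check whether a client still advertises these 40-bit export suites, a defender can read the cipher list out of its TLS ClientHello. The following is an added example, not part of the original article: the suite IDs are the export entries from the IANA TLS cipher suite registry, while the function names and the sample handshake bytes are constructed for illustration.

```python
import struct

# 40-bit export-grade suites (IANA TLS registry); a subset chosen for this example.
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def offered_suites(record):
    """Return the cipher suite IDs offered in a single-record TLS ClientHello."""
    if len(record) < 44:  # record hdr 5 + handshake hdr 4 + version 2 + random 32 + sid len 1
        raise ValueError("truncated ClientHello")
    ctype, _version, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake ClientHello")
    if rec_len > len(record) - 5:
        raise ValueError("record length exceeds captured bytes")
    pos = 43                      # offset of the session_id length byte
    pos += 1 + record[pos]        # skip session_id
    if pos + 2 > len(record):
        raise ValueError("missing cipher_suites length")
    (n,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if n % 2 or pos + n > len(record):
        raise ValueError("bad cipher_suites length")
    return [struct.unpack_from("!H", record, i)[0] for i in range(pos, pos + n, 2)]

def export_suites_offered(record):
    """Names of export-grade suites the client is willing to negotiate."""
    return [EXPORT_SUITES[s] for s in offered_suites(record) if s in EXPORT_SUITES]

def build_sample(suites):
    """Constructed ClientHello (zero random, empty session_id) used as sample input."""
    body = b"\x03\x01" + bytes(32) + b"\x00"
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"           # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(export_suites_offered(build_sample([0x002F, 0x0003, 0x0008])))
```

An empty result means the client no longer offers any of the listed export suites; any name in the result is a suite that should be disabled in the client's TLS configuration.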

 

How does Microsoft fit in?

Now that we know the “FREAK flaw”, note that an attacker can use it to attack Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Microsoft uses “Secure Channel”, also known as “Schannel”, a set of security protocols that provide identity and security when encryption is used for communications. Microsoft uses Schannel primarily in internet apps that require communications over Hypertext Transfer Protocol (HTTP).


 

Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows.

Now that the flaw has been found, companies are trying their best to fix the systems that are vulnerable to it. Microsoft is at the top of the list: with the release of Windows 10 approaching, it was not aware of this facet of security, which could derail its product launch in the future.