Download
1 / 4
40 likes | 167 Views
Factoring Attack on RSA-EXPORT Keys, TLC/SSL vulnerability affects certain SSL clients, misconfigured web servers and web delivery services. However, Instart Logic customers who are on software-defined application delivery service (SDAD) are not vulnerable to the FREAK attack as the network is configured to disable these weak encryption protocols. Gain insight on SDAD platform: http://www.instartlogic.com/technology/software-defined-application-delivery/
E N D
INSTART LOGIC CUSTOMERS NOT IMPACTED BY ‘FREAK’ ATTACK BY GABRIEL COELHO-KOSTOLNY
A TLS/SSL vulnerability was announced yesterday, titled FREAK (Factoring Attack on RSA-EXPORT Keys CVE-2015-0204). Much like POODLE and other recent TLS/SSL attacks, this vulnerability affects certain SSL clients (particularly older web browsers), as well as misconfigured web servers and web delivery services. Instart Logic customers on our software-defined application delivery service (SDAD) are not vulnerable to the FREAK attack as our network is configured to disable these weak encryption protocols.
While the Instart Logic service is not vulnerable to this attack, customers’ origin servers may still be vulnerable. We encourage all our customers to assess their origin servers and other devices and take steps to remediate this vulnerability if it is present. To determine whether your web server is vulnerable, customers can use the following OpenSSL command, substituting their website name for “www.instartlogic.com”: openssls_client -cipher EXPORT -connect www.instartlogic.com:443 Vulnerable servers will return a server certificate, while servers that are not vulnerable will return an error. Instart Logic is committed to protecting our customers. We continually monitor and deploy the latest and most innovative encryption techniques to ensure that our customers are always secure. If you have any questions, please contact Support at support@instartlogic.comor via phone at 1.888.576.3166 or +1.650.919.8854.
