In the dim and distant past of the internet, around 15 years ago, the United States Government made it illegal for US companies to export software that included strong encryption. IE, encryption that couldn't be cracked by the US's own security and intelligence agencies. Encryption algorithms were classed as munitions, and were illegal to export.
Although those rules have now been relaxed, most internet servers and web browsers still include the old encryption algorithms built in, even though most of them are rarely used. But recently it was discovered that many internet-based systems can be easily fooled into enabling the old, insecure encryption systems rather than using the newer ones. In the case of SSL, which encrypts your credit card information or bank details when you log onto a financial web site, this means that a hacker who intercepted the transmission could crack the password in around 7 hours.
The flaw, known as FREAK, affects many major web browsers on both Windows, iPad, iPod and Android. The best way to protect yourself is to ensure that, whatever platform you use, you keep an eye out for any security fixes issued by software vendors and that you install them as soon as possible. If you don't already have automatic updates enabled in Windows, do it now.
Meanwhile, you can check if your browser is vulnerable by going to https://freakattack.com which will give you an instant indication. In my case, Chrome passed the test but Internet Explorer did not. So you can guess which browser I'll be using for the moment.
Please rate this article: