All Posts

2 posts

Patch Tuesday March 2015

It is March Patch Tuesday 2015, but similar to last month we are having more issues than expected in a normal month. Or maybe that is the new normal: patches from Microsoft, Adobe and a set of other security issues to deal with.

Before we get to these patches, it’s important to note that we also had two out-of-band issues this month: FREAK and Superfish.

Continue reading …

Addressing CVE-2015-0204 FREAK with Qualys VM

This past year we have seen an overwhelming interest in SSL library exploits, and FREAK or "Factoring RSA EXPORT Keys" is another one. The full impact is yet to be known as the flaw was baked in the development of secure web communications, so browsers, web clients and hosts would negotiate the strongest encryption “allowed,” falling back to weaker, “export” protocols as required. The most updated list of browsers appears to include: Internet Explorer, Chrome on Mac OS and Android, Safari on Mac OS and iOS, Blackberry Browser, and Opera on Mac OS and Linux.

Continue reading …