A new encryption bug could hit your web browser

BANGALORE, INDIA: A new research by French scientists has shown that major SSL clients including OpenSSL can be compromised with this new vulnerability called the 'Freak' (Factoring Attack on RSA-EXPORT) vulnerability.

Indusface, a provider of application security solutions for web and mobile applications, has issued a security warning elaborating on the vulnerabilities and potential risks of this bug.The 'Freak' encryption bug, which was earlier considered a threat to only certain mobile devices and Apple computers, can actually harm many more browsers and websites, warn experts.

"Vulnerable websites and browsers can allow hackers to enter hundreds and thousands of computers. Attackers use old encryption ciphers and then decrypt messages, passwords and other information," said the company.

What this simply means is that when you visit any susceptible website for online shopping, conducting banking transactions or just browsing, hackers could sneak into your computers and access your confidential data.

The bug impacts the SSL (Secure Socket Layer) and the TLS (Transport Layer Security) cryptographic protocols and allows an attacker to intercept HTTPS connections, using weakened encryption to break into vulnerable devices.