at http://dillingers.com/blog ---
Quote
At the time it was discovered, this bug affected 37% of all HTTPS servers. The Apache web server using all but the very latest version of OpenSSL was the primary vulnerable server. At that time Apache was serving 58% of all web servers on the Internet, and more than half of these were vulnerable because they had not been updated with the most recent patch of OpenSSL.
Apache mod_ssl, in particular, made this even worse. Because it is computationally expensive to generate RSA keys, mod_ssl, by default, generates a single export-grade RSA key when the server starts up and then re-uses it for all the sessions served until the server shuts down. So an attacker obtaining a 512-bit RSA key could take the few hours to factor it, and the server that used that key would still be up — enabling the attacker to read and modify further traffic on the fly until it reboots.
The uptime for Apache servers running on stable operating systems can reach weeks or months. Essentially, they get started once after a kernel upgrade forces a reboot, and do not shut down until rebooting the machine for the next kernel upgrade or a hardware failure. So, having gotten the key once, an attacker could read and modify the traffic on that server for weeks.
The websites whitehouse.gov, nsa.gov, and fbi.gov (including the FBI anonymous tips website) were all among the sites whose servers were vulnerable, meaning that the buggy security decisions of decades before had resulted in a bug that reduced the security of the very same organizations that had made the decisions. Which goes to show that if you don’t get good decisions, at least you eventually get irony.
Web browsers afflicted included Internet Explorer on Windows, Chrome on MacOS and Android, Safari on MacOS and iOS, Opera on MacOS and Linux, as well as the stock browsers provided with Blackberry and Android devices. FREAK was short-lived after its public announcement, because the web servers afflicted could fix it by downloading a new version of OpenSSL already available, and security patches for the browsers started coming out just a few hours after the attack was announced.
Apache mod_ssl, in particular, made this even worse. Because it is computationally expensive to generate RSA keys, mod_ssl, by default, generates a single export-grade RSA key when the server starts up and then re-uses it for all the sessions served until the server shuts down. So an attacker obtaining a 512-bit RSA key could take the few hours to factor it, and the server that used that key would still be up — enabling the attacker to read and modify further traffic on the fly until it reboots.
The uptime for Apache servers running on stable operating systems can reach weeks or months. Essentially, they get started once after a kernel upgrade forces a reboot, and do not shut down until rebooting the machine for the next kernel upgrade or a hardware failure. So, having gotten the key once, an attacker could read and modify the traffic on that server for weeks.
The websites whitehouse.gov, nsa.gov, and fbi.gov (including the FBI anonymous tips website) were all among the sites whose servers were vulnerable, meaning that the buggy security decisions of decades before had resulted in a bug that reduced the security of the very same organizations that had made the decisions. Which goes to show that if you don’t get good decisions, at least you eventually get irony.
Web browsers afflicted included Internet Explorer on Windows, Chrome on MacOS and Android, Safari on MacOS and iOS, Opera on MacOS and Linux, as well as the stock browsers provided with Blackberry and Android devices. FREAK was short-lived after its public announcement, because the web servers afflicted could fix it by downloading a new version of OpenSSL already available, and security patches for the browsers started coming out just a few hours after the attack was announced.
