5 March 2015
If you read the news yesterday, you might have come across the latest large-scale security flaw to hit the headlines. In keeping with the tradition of giving sensationalised names to security threats, the flaw has been called “FREAK attack”, which sounds a lot like being jumped on by a carnival clown!
What it actually involves is an old government policy from the States, whereby software developers had to use weakened security in their encryption programs if those programs were to be sold outside the US.
It’s now come to light that some internet browsers and websites still accept this weakened encryption. As you can imagine, this leaves their users more vulnerable to hackers attempting to break through the encryption and access sensitive information.
When you think about it, it seems quite timely after David Cameron’s comments about encryption and the need for greater powers to tap into online communication.
Learning from our mistakes is important, but in this situation we can learn from the mistakes of others, namely the US government. As this latest security flaw demonstrates, if you weaken or get rid of encryption, it will make transactions and doing business online unworkable and insecure.
Hopefully, in light of this vulnerability, the British government will realise that previous suggestions about opening up online communication to greater scrutiny carry a risk that’s simply not worth taking.