‘FREAK’ flaw undermines security for hundreds of thousands of supposedly secure Web sites, including Whitehouse.gov, NSA.gov and FBI.gov

“Technology companies are scrambling to fix a major security flaw that for more than a decade left users of Apple and Google devices vulnerable to hacking when they visited hundreds of thousands of supposedly secure Web sites, including Whitehouse.gov, NSA.gov and FBI.gov,” Craig Timberg reports for The Washington Post. “The flaw resulted from a former U.S. government policy that once forbid the export of strong encryption and required that weaker ‘export-grade’ products be shipped to customers in other countries, say the researchers who discovered the problem. These restrictions were lifted in the late 1990s, but the weaker encryption got baked into widely-used software that proliferated around the world and back into the United States, apparently unnoticed until this year.”

“Researchers discovered in recent weeks that they could force browsers to use the old export-grade encryption then crack it over the course of just a few hours. Once cracked, hackers could steal passwords and other personal information and potentially launch a broader attack on the Web sites themselves by taking over elements on a page, such as a Facebook ‘Like’ button,” Timberg reports. “The problem illuminates the danger of unintended security consequences at a time when top U.S. officials, frustrated by increasingly strong forms of encryption on smartphones, have spoken of requiring technology companies to build ‘[back] doors’ into systems to protect the ability of law enforcement and intelligence agencies to conduct surveillance.”

“In recent days, FBI.gov and Whitehouse.gov have been fixed, though NSA.gov remains vulnerable, said Green. Apple is preparing a security patch that will be in place next week for both its computers and its mobile devices, said company spokeswoman Trudy Miller,” Timberg reports. “Google declined to comment for this story. It typically has more trouble delivering security updates because the company does not sell or manufacture most devices using the Android operating system.”

Read more in the full article here.

MacDailyNews Take: This is ironic on so many levels.

So, why were the weaker encryption products forced by the U.S. back in the 1990s? Hmmm…

Life is a tragedy when seen in close-up, but a comedy in long-shot. – Charlie Chaplin

[Thanks to MacDailyNews Readers “Fred Mertz” and “Dan K.” for the heads up.]

Related hypocrisy:
Obama criticizes China’s demands for U.S. tech firms to hand over encryption keys, install backdoors – March 3, 2015
Obama administration demands master encryption keys from firms in order to conduct electronic surveillance against Internet users – July 24, 2013
