Scam of the day – March 7, 2015 – Don’t FREAK out, but here comes another Heartbleed

Many of you undoubtedly remember the infamous Heartbleed bug about which I reported to you for the first time on April 10, 2014’s Scam of the day.  Heartbleed was the name of a long standing security flaw in the Open SSL encryption security technology used throughout the Internet.  Eventually, this flaw was patched, but not before hackers and identity thieves used Heartbleed’s vulnerability to attack websites for purposes of identity theft.

Now we are facing a similar situation with the discovery of a security flaw referred to as Factoring Attack on RSA-Export Keys and known by the clever acronym FREAK.  Like Heartbleed, FREAK is another long standing bug that has only recently been discovered, but that threatens the security of millions of Internet users as I predicted in my USA Today column of December 12, 2014.

FREAK affects SSL/TLS protocols used to encrypt data as it is transmitted over the Internet and potentially puts at risk personal information sent over the Internet including passwords, banking and credit card information.


The FREAK security flaw has existed since the 1990s, but was only uncovered a few weeks ago by French researchers at the computer science lag INRIA.  Immediately upon discovering FREAK, the researchers notified governments and companies around the world, however, the news of FREAK was only made public earlier this week.  Researchers have been working on security patches for this problem and it is expected that such patches will be released soon.  I will report to you as soon as these patches are available and provide links to the necessary security patches.  As always, it is critical to install security patches and updates as soon as they are available to best protect yourself from hackers and identity thieves.