An international research team has devised an attack called FREAK (Factoring attack on RSA Export Keys) that makes it possible to lower the level of encryption used in SSL connections. The attack is based on forcing the server and client to use legacy, weak cryptographic suites (the vulnerability has been present for a long time) which are still supported by some mainstream browsers (Safari and the OpenSSL-based Android browser, among others) and servers.
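The following added example, which is not part of the original article or the researchers' work, parses a raw TLS ClientHello record and lists any RSA_EXPORT suites it offers, the kind of legacy suite the attack relies on. The code points are the IANA-assigned values; `build_sample` and the handshake bytes it produces are constructed for illustration.

```python
import struct

# IANA code points for the RSA_EXPORT key-exchange suites (export-grade RSA).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}


def offered_suites(record: bytes) -> list:
    """Return the cipher-suite code points listed in a raw ClientHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    rec_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if rec_type != 0x16 or len(body) != rec_len:
        raise ValueError("not a complete handshake record")
    if len(body) < 4 or body[0] != 0x01:
        raise ValueError("not a ClientHello")
    pos = 4 + 2 + 32  # handshake header, client_version, random
    if len(body) < pos + 1:
        raise ValueError("truncated before session_id")
    pos += 1 + body[pos]  # skip the session_id vector
    if len(body) < pos + 2:
        raise ValueError("truncated before cipher_suites")
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
    raw = body[pos + 2:pos + 2 + cs_len]
    if cs_len % 2 or len(raw) != cs_len:
        raise ValueError("malformed cipher_suites vector")
    return [c for (c,) in struct.iter_unpack("!H", raw)]


def export_rsa_offered(record: bytes) -> list:
    """Names of RSA_EXPORT suites a ClientHello offers (empty list = none)."""
    return [RSA_EXPORT_SUITES[c] for c in offered_suites(record)
            if c in RSA_EXPORT_SUITES]


def build_sample(suites) -> bytes:
    """Constructed ClientHello (TLS 1.0, zero random, no extensions)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (b"\x03\x01" + bytes(32) + b"\x00"
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00")
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake
```

A non-empty result from `export_rsa_offered` on captured handshakes identifies endpoints that still advertise export-grade RSA and should have those suites disabled.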
Dramatic information security incidents and news were unfortunately fairly common in February – we will briefly recall three of the most interesting ones. Probably the most attention went to a story about the alleged theft of a massive number of encryption keys used in mobile communication from the network of the Dutch company Gemalto (a major SIM card supplier) by the NSA and GCHQ. The keys could be used to decrypt live communication and also, for example, to remotely inject malicious code into end devices.