Turns out that Windows is not immune to the FREAK vulnerability. FREAK (Factoring Attack on RSA-EXPORT Keys) allows weaker encryption to be forced on SSL/TLS websites. Basically, during the Clinton Administration, only 512-bit RSA keys could be exported; in the US we could use 1024-bit keys. Many web servers have held on to those legacy export-grade keys, and that is what is now being exploited. This is a server-side fix, but users need to be aware if their bank has a vulnerable website.
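The practical server-side check is to make sure no export-grade (EXP-/EXPORT) cipher suite is still enabled. The Python below is an added example, not code from the original post: it flags export suites in a cipher list by name (OpenSSL and IANA naming), and builds a hardened SSLContext that excludes them. The sample cipher list is constructed for illustration and does not represent any real server.

```python
"""Audit a TLS cipher-suite list for FREAK-relevant export-grade suites.

Added example. SAMPLE_SERVER_CIPHERS is a constructed list, not data
from any real server or from the original post.
"""
import re
import ssl

# Name patterns that identify export-grade suites:
#   OpenSSL style:  EXP-RC4-MD5, EXP-DES-CBC-SHA
#   IANA style:     TLS_RSA_EXPORT_WITH_RC4_40_MD5, TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
EXPORT_PATTERNS = (
    re.compile(r"^EXP-", re.IGNORECASE),
    re.compile(r"_EXPORT(1024)?_", re.IGNORECASE),
)

# Constructed sample: what a server's configured cipher list might look like.
SAMPLE_SERVER_CIPHERS = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "EXP-RC4-MD5",
    "EXP-DES-CBC-SHA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
    "TLS_AES_256_GCM_SHA384",
]


def is_export_suite(name: str) -> bool:
    """True if the suite name marks it as export-grade (40/56-bit or 512-bit RSA)."""
    return any(p.search(name) for p in EXPORT_PATTERNS)


def audit_cipher_list(names):
    """Split a cipher list into (offending, clean), preserving order."""
    offending = [n for n in names if is_export_suite(n)]
    clean = [n for n in names if not is_export_suite(n)]
    return offending, clean


def hardened_context() -> ssl.SSLContext:
    """Client/server context that refuses export suites and other weak options."""
    ctx = ssl.create_default_context()
    # '!EXPORT' explicitly removes export-grade suites; HIGH keeps >=128-bit ones.
    ctx.set_ciphers("HIGH:!EXPORT:!aNULL:!eNULL:!MD5")
    return ctx


def context_offers_export(ctx: ssl.SSLContext) -> bool:
    """Check the suites the context would actually negotiate (TLS 1.2 and below)."""
    return any(is_export_suite(c["name"]) for c in ctx.get_ciphers())


if __name__ == "__main__":
    bad, good = audit_cipher_list(SAMPLE_SERVER_CIPHERS)
    print("Export-grade suites to remove:")
    for name in bad:
        print("  ", name)
    print("Hardened context still offers export suites:",
          context_offers_export(hardened_context()))
```

Running the script lists the four export suites from the constructed sample and reports that the hardened context offers none of them. On a real host, the same audit would be run over the cipher string the web server (or, on Windows, Schannel) is actually configured with.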
Month: March 2015
Appendix J Cyber Resiliency
FFIEC guidance is out on Cyber Resiliency. Appendix J to the BCP handbook came out in mid-February. The challenge is to incorporate this guidance into the BCP program. Most department/division heads won’t take the time to do BIAs or help document workflow. Building in cyber resiliency is going to be a challenge.