ebrke Posted March 6, 2015

Apparently yesterday's reports that Windows was safe from the FREAK vulnerability have proved wrong. According to Ars Technica, Windows browsing with IE is vulnerable; so far Firefox is still okay: http://arstechnica.com/security/2015/03/stop-the-presses-https-crippling-freak-bug-affects-windows-after-all/

V.T. Eric Layton Posted March 6, 2015

Chromium in Slackware.

Corrine Posted March 6, 2015

It isn't only browsers/OSes that are vulnerable but websites as well. From what I've read, Gregg Keizer describes it best in "Time to FREAK out? How to tell if you're vulnerable":

FREAKin' vulnerability.

A vulnerable server does not necessarily mean that traffic between your browser and the website can be sniffed. Both the browser and the server must support the export-grade cipher suites in order for an attack to be successful.

"You are vulnerable if you use a Web browser that uses a buggy TLS library to connect, over an insecure network, to an HTTPS server that offers export cipher suites," the researchers wrote in a summary of their findings.

So even if you're connecting to sec.gov, the website of the U.S. Securities and Exchange Commission, and one of the sites that supports export cipher libraries (as of early Wednesday), you're safe if you're using, say, Chrome on OS X, because the latter does not support export suites. Only if both ends are insecure -- such as a Safari-to-sec.gov connection -- are you vulnerable.
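
The both-ends condition from the article quoted above, as an added example that is not part of any post in this thread: it parses a raw TLS ClientHello, lists the RSA export suites the client offers, and reports those a server also lists. The function names, the sample ClientHello and the server suite list are constructed for illustration, and "supports export suites" is simplified here to "lists an RSA_EXPORT suite ID".

```python
import struct

# RSA export-grade suite IDs as assigned in the IANA TLS cipher suite registry.
RSA_EXPORT = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def client_hello_suites(record: bytes) -> list:
    """Return the cipher suite IDs offered in one raw TLS ClientHello record."""
    try:
        if record[0] != 0x16:                        # content type: handshake
            raise ValueError("not a TLS handshake record")
        (rec_len,) = struct.unpack("!H", record[3:5])
        body = record[5:5 + rec_len]
        if len(body) != rec_len or body[0] != 0x01:  # handshake type: ClientHello
            raise ValueError("truncated record or not a ClientHello")
        pos = 4 + 2 + 32                             # handshake header, version, random
        pos += 1 + body[pos]                         # skip session_id
        (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
        pos += 2
        if cs_len % 2 or pos + cs_len > len(body):
            raise ValueError("malformed cipher suite list")
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    return [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]

def shared_export_suites(client_ids, server_ids):
    """Names of RSA export suites listed by BOTH ends (the condition quoted above)."""
    server = set(server_ids)
    return [RSA_EXPORT[s] for s in client_ids if s in RSA_EXPORT and s in server]

def sample_client_hello(suites):
    """Constructed sample input: a minimal ClientHello offering `suites`."""
    body = (b"\x03\x03" + bytes(32) + b"\x00"
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00")                           # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    server = [0x002F, 0x0003]                        # constructed server suite list
    for label, offer in (("legacy", [0xC02F, 0x002F, 0x0003, 0x0008]),
                         ("modern", [0xC02F, 0x002F])):
        offered = client_hello_suites(sample_client_hello(offer))
        print(label, shared_export_suites(offered, server) or "no shared export suite")
```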