Freak ‪#‎MITM‬ Vulnerability Extends To Most ‪#‎Browsers‬, ‪#‎Microsoft‬ OSes


In early March 2015, security researchers discovered a SSL/TLS vulnerability attack and dubbed it "Freak." This vulnerability allows an attacker using a Man In The Middle attack to force communications into using a weaker 512-bit encryption, as opposed to the more secure 1024-bit. In turn, this weaker encryption could be broken in a matter of hours.
Originally identified as affecting web browsers on Google's Android and Apple's iOS and OSX, Freak's security flaw now extends to almost every browser, according to the team of computer scientists from University of Michigan, who maintain freakattack.com. This includes many versions of Internet Explorer, Chrome and Safari. On Windows operating systems, only Internet Explorer was affected; Chrome and Firefox remain on the safe list.
Along with the browser vulnerability, Microsoft revealed that Windows servers are susceptible to the attack.
Any server that can "accept RSA_EXPORT cipher suites" is putting clients at risk, according to Freak Attack, where information around the vulnerability has been posted along with a list of the world's most popular websites that remain unpatched.
Beyond the browser issues, Microsoft has issued Security Bulletin MS15-031, which alerted users to further implications of the Freak technique, showing the same insecurities of any servers using SChannel (Microsoft's implementation of TLS/SSL method) to communicate.
All Microsoft operating systems appear to be affected by the Freak attack, ranging from Windows Server 2003 all the way up to the unreleased Windows Server Technical Preview. Clients are just as bad, with Microsoft listing Vista and above as vulnerable, too.
Because the research team published details of its findings, Microsoft has been very quick to release information around the exploit, along with patches to operating systems and browsers that are still supported by the company.
Microsoft was also quick to point out that the security hole is "an industry-wide issue that is not specific to Windows operating systems," making it clear that the company is not solely taking the blame for this. To its credit, Microsoft has acted quickly, taking less than two days to publish Security Advisory 3046015, which contains workarounds, before official patches were made available.
Websites that check for unpatched servers and browsers have popped up quickly, such as KeyCDN's Freak Check, which is aimed at system administrators to check the status of their publicly available servers.
Freak gives users of unsupported systems such as Windows Server 2003 Service Pack 1, Windows XP and any other older systems yet another reason to upgrade, and let's hope they do soon.

Comments

Post a Comment

Popular posts from this blog

How to make ‪#‎symbols‬ with your ‪#‎keyboard‬

Image
Alt + 0153..... ™... trademark symbol Alt + 0169.... ©.... copyright symbol Alt + 0174..... ®....registered trademark symbol Alt + 0176 ...°......degre­e symbol Alt + 0177 ...±....plus-or­-minus sign Alt + 0182 ...¶.....paragraph mark Alt + 0190 ...¾....fractio­n, three-fourths Alt + 0215 ....×.....multi­plication sign Alt + 0162...¢....the cent sign Alt + 0161.....¡..... .upside down exclamation point Alt + 0191.....¿..... ­upside down question mark Alt + 1...........smiley face Alt + 2 ......☻.....bla­ck smiley face Alt + 15.....☼.....su­n Alt + 12......♀.....f emale sign Alt + 11.....♂......m­ale sign Alt + 6....... ♠ .....s­pade Alt + 5....... ♣ ...... ­Club Alt + 3............. ­Heart Alt + 4....... ♦ ...... ­Diamond Alt + 13......♪.....e­ighth note Alt + 14......♫...... ­beamed eighth note Alt + 8721.... ∑.... N-ary summation (auto sum) Alt + 251.....√.....s­quare root check mark Alt + 8236.....∞..... ­infinity Alt + 24.......↑..... ­up arrow Alt + 25......↓...... ­down arrow
Read more

How to Protect Your Computer from Malware and Viruses

Image
  Protecting your computer from malware and viruses is essential to ensure the security and integrity of your personal and sensitive data. Here are some effective steps you can take to safeguard your computer: 1. Install Antivirus Software: A reputable antivirus program is your first line of defense against malware and viruses. Choose a well-known and up-to-date antivirus software, and regularly update its virus definitions. 2. Keep Your Operating System Updated: Regularly update your operating system (e.g., Windows, macOS, Linux) and applications with the latest security patches. This helps to address vulnerabilities that malware could exploit. 3. Use a Firewall: Enable the built-in firewall on your operating system or install a third-party firewall. Firewalls monitor and control incoming and outgoing network traffic, acting as a barrier against unauthorized access. 4. Be Cautious with Email: Malicious attachments and links often come through email. Be wary of opening attachments or c
Read more

How to Turn Wi-Fi On or Off With a Keyboard or Desktop Shortcut in Windows

Image
Some laptops come with “Wi-Fi” function keys or switches that can quickly enable or disable your Wi-Fi. If your PC doesn’t have one of these, though, you can make one with the tools built into Windows. You’ll need to start by creating a desktop or start menu shortcut. Once you’ve done that, you can invoke it with a keyboard shortcut, if you like. Step One: Find the Name of Your Wi-Fi Connection First, you’ll need to check the name of your Wi-Fi connection. You’ll need this to write the commands that enable and disable the Wi-Fi connection. Head to Control Panel > Network and Internet > Network and Sharing Center > Change Adapter Settings. Note the name of the Wi-Fi connection you want to disable. In the screenshot below, the name of the connection is “Wi-Fi”. Step Two: Create the Desktop Shortcuts Now that you know the name of the connection, you can create the desktop shortcuts you need. Right-click the Windows desktop and select New > Shortcut to creat
Read more