Discussion in 'other security issues & news' started by ronjor, Mar 3, 2015.
No further news on this as of yet -
MS KB Issued -
Why there have not been many discussion about Freak here?
It's quite serious one, not only this itself but also its implication.
Check if Windows is affected by the Freak Attack vulnerability
by Martin Brinkmann on March 6, 2015 in Security - Last Update: March 6, 2015 2
Freak Attack is the name of a new SSL/TLS vulnerability that came to light on March 3, 2015. The vulnerability can be exploited by hackers to weaken the encryption used between clients and servers when HTTPs connections are used.
Affected are servers, according to a site that is tracking the issue 9.5% of Alexa's top 1 million domain names but also web browsers such as Chrome, Safari and Internet Explorer.
Browser's are not necessarily vulnerable on all systems they support. Chrome is for instance vulnerable on Android and Mac OS X but not on Windows.
Firefox appears to be the only browser not affected by the vulnerability at all on all systems it supports.
Since Internet Explorer is affected by the vulnerability on Windows, it is important to check whether your PC is vulnerable and do something about it if that is the case.
The easiest way to do that is to use the Freak Client Test Tool which tests for the vulnerability and reports back if your browser is vulnerable or not.
Attack of the week: FREAK (or 'factoring the NSA for fun and profit').
FREAK is fixed but POODLE still isn't, at least on iOS.
Separate names with a comma.