Mike
Well-Known Member
For those who are unaware, there is a pretty nasty SSL/TLS vulnerability that allows attackers to intercept HTTPS traffic between vulnerable Web browsers and servers, forcing them to use weakened encryption to gain access to the client machines.
In a nutshell, this site is an HTTPS site. Assuming you are running a secure browser, all traffic transmitted from this site to your browser and back is encrypted. However, if you are running an insecure browser, then this vulnerability comes into play, and will allow attackers to gain access to your machines, by forcing your machine to use weakened ciphers, which are easily broken.
The FREAK flaw attacks almost all major browsers, so there is a real chance you are being affected by this flaw.
Internet Explorer, Chrome on Android OS and Mac OS (a patch is now available for Mac OS), Safari on Mac OS and iOS (patches expected sometime next week), the standard Android browser, the Blackberry browser, and Opera (Linux and Mac OS versions) are all affected by this flaw.
(Anyone notice that Mozilla Firefox is not on that list? Have you switched to Firefox, yet?)
As a heads-up, Microsoft, Apple, and Google will all be releasing patches within the next few days, so be looking for the patches and upgrade your browsers, as soon as possible. Stick a post-it note on your monitor to remind you, because this one is serious.
Until patches are available, those of us running Firefox are wondering what the fuss is all about, so allow me to recommend installing and running Firefox. Again.
Once you know you are using a secure browser, you are going to have to update all of your passwords, to ensure you are secure. So be sure to add a second post-it note, to remind you of this need.
For now, please visit this Web site - https://freakattack.com/ - to check your browser's vulnerability.
I have just rolled through all of my installed browsers, and all of them (Chromium, Chrome, Epiphany, Firefox, Firefox Nightly, Midori, Opera, Palemoon, and Vivaldi) are showing up as being safe from the attack. When you visit the FREAK Attack site, a blue bar will indicate that your browser is safe. I've no clue what an insecure browser will show, as all of mine are up to snuff. (Have I ever mentioned how much I love using Linux?)
If you are running Windows and Internet Explorer, you are vulnerable. All versions of Windows and all versions of Internet Explorer have fallen to this exploit. Start checking for updates, because your machine suddenly has no locks on the doors, or on the (wait for it) windows.
LastPass users, the default LastPass mobile browser is affected, so switch over to Firefox mobile.
Sit up and pay attention to this one, else you might find yourself looking at your shoes. The fixes are simple, with the most certain amounting you to simply switching over to a secure browser platform.
Firefox can be downloaded, free of charge, for all platforms (Windows, Mac OS X, and Linux) here - https://www.mozilla.org/en-US/firefox/new/
In a nutshell, this site is an HTTPS site. Assuming you are running a secure browser, all traffic transmitted from this site to your browser and back is encrypted. However, if you are running an insecure browser, then this vulnerability comes into play, and will allow attackers to gain access to your machines, by forcing your machine to use weakened ciphers, which are easily broken.
The FREAK flaw attacks almost all major browsers, so there is a real chance you are being affected by this flaw.
Internet Explorer, Chrome on Android OS and Mac OS (a patch is now available for Mac OS), Safari on Mac OS and iOS (patches expected sometime next week), the standard Android browser, the Blackberry browser, and Opera (Linux and Mac OS versions) are all affected by this flaw.
(Anyone notice that Mozilla Firefox is not on that list? Have you switched to Firefox, yet?)
As a heads-up, Microsoft, Apple, and Google will all be releasing patches within the next few days, so be looking for the patches and upgrade your browsers, as soon as possible. Stick a post-it note on your monitor to remind you, because this one is serious.
Until patches are available, those of us running Firefox are wondering what the fuss is all about, so allow me to recommend installing and running Firefox. Again.
Once you know you are using a secure browser, you are going to have to update all of your passwords, to ensure you are secure. So be sure to add a second post-it note, to remind you of this need.
For now, please visit this Web site - https://freakattack.com/ - to check your browser's vulnerability.
I have just rolled through all of my installed browsers, and all of them (Chromium, Chrome, Epiphany, Firefox, Firefox Nightly, Midori, Opera, Palemoon, and Vivaldi) are showing up as being safe from the attack. When you visit the FREAK Attack site, a blue bar will indicate that your browser is safe. I've no clue what an insecure browser will show, as all of mine are up to snuff. (Have I ever mentioned how much I love using Linux?)
If you are running Windows and Internet Explorer, you are vulnerable. All versions of Windows and all versions of Internet Explorer have fallen to this exploit. Start checking for updates, because your machine suddenly has no locks on the doors, or on the (wait for it) windows.
LastPass users, the default LastPass mobile browser is affected, so switch over to Firefox mobile.
Sit up and pay attention to this one, else you might find yourself looking at your shoes. The fixes are simple, with the most certain amounting you to simply switching over to a secure browser platform.
Firefox can be downloaded, free of charge, for all platforms (Windows, Mac OS X, and Linux) here - https://www.mozilla.org/en-US/firefox/new/
