FREAK

FREAK Flaw Removal Crawley

Security experts have discovered a potentially catastrophic flaw that for more than a decade has made it possible for attackers to decrypt HTTPS-protected traffic passing between Android or Apple devices and hundreds of thousands or millions of websites. Here’s everything users and system administrators need to know in order to stay safe now.


UPDATED. Great, just great. FREAK, the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) security hole, isn’t only in programs that use Apple’s SSL implementation or old OpenSSL. We now know that FREAK is present in Microsoft’s Secure Channel (SChannel) stack too.

FREAK enables SSL Man-in-the-Middle attacks because of bad security decisions made almost two decades ago. As Andrew Avanessian, Avecto’s EVP of consultancy and technology services, told me in an e-mail, “The FREAK attack is clear evidence of how far back the long tail of security stretches. As new technologies emerge, and cryptography hardens, many simply add on new solutions without removing out-dated and vulnerable technologies. This effectively undermines the security model you are trying to build.”


What users can do

If you’re playing the security game at home, here’s the list of current-day programs that can be attacked by FREAK: any program using Microsoft’s SSL/TLS, such as Internet Explorer (IE), on Windows Vista, 7, 8, and 8.1 and Windows Server 2003. While Microsoft doesn’t mention earlier, no longer broadly supported operating systems, such as Windows XP, it’s safe to presume they’re vulnerable as well.

Windows Server 2008 and 2012, if they’re used as desktops instead of servers, can also be attacked. As servers, their default configurations are safe because they don’t support FREAK’s weak spot: obsolete export SSL ciphers. Server 2003, however, does support these weak SSL cryptographic keys and there’s no way to turn that support off.
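For administrators checking whether a server still offers the export ciphers described above, here is an added example (not part of the original article) that scans a configured cipher-suite list and reports each export-grade suite with its key exchange. The function names and sample lists are constructed for illustration, and the name patterns are assumptions based on the OpenSSL and IANA/SChannel naming conventions.

```python
import re

# Export-grade suites are recognisable by name in both common conventions:
#   OpenSSL:        EXP-RC4-MD5, EXP-EDH-RSA-DES-CBC-SHA, EXP1024-RC4-SHA
#   IANA/SChannel:  TLS_RSA_EXPORT_WITH_RC4_40_MD5, TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
OPENSSL_EXPORT = re.compile(r"^EXP(?:1024)?-(.+)$")
IANA_EXPORT = re.compile(r"^(?:TLS|SSL)_(.+?)_EXPORT(?:1024)?_WITH_")

# OpenSSL names carry a key-exchange prefix only when it is not plain RSA.
OPENSSL_KX_PREFIXES = ("EDH-", "DHE-", "ADH-", "KRB5-")


def export_key_exchange(name):
    """Return the key exchange of an export-grade suite, or None if not export."""
    m = OPENSSL_EXPORT.match(name)
    if m:
        for prefix in OPENSSL_KX_PREFIXES:
            if m.group(1).startswith(prefix):
                return prefix.rstrip("-")
        return "RSA"
    m = IANA_EXPORT.match(name)
    if m:
        return m.group(1)  # e.g. RSA, DHE_RSA, DH_anon
    return None


def audit(cipher_list):
    """Split a colon/comma/space separated suite list; return export-grade hits."""
    names = [n for n in re.split(r"[:,\s]+", cipher_list) if n]
    return [(n, export_key_exchange(n)) for n in names if export_key_exchange(n)]


# Constructed sample lists, not taken from any real server.
WEAK = "ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:EXP-RC4-MD5:EXP-EDH-RSA-DES-CBC-SHA"
SCHANNEL_STYLE = "TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_EXPORT1024_WITH_RC4_56_SHA"
HARDENED = "ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA"

if __name__ == "__main__":
    for label, suites in (("weak", WEAK), ("schannel-style", SCHANNEL_STYLE),
                          ("hardened", HARDENED)):
        hits = audit(suites)
        print(label, "->", hits or "no export-grade suites")
```

Any hit means the list should be rebuilt without that suite; an empty result only covers suites named explicitly, not ones pulled in by a group keyword.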


Source: Steven J. Vaughan-Nichols

Image source: [AndreasS]
