Important Warning: Freak attack: a new security flaw

[Technoglitch]

I've heard people talking about a new security flaw called FREAK. What is it?
FREAK (also known as the Factoring Attack on RSA-EXPORT Keys vulnerability or CVE-2015-0204) is a newly-discovered flaw in SSL/TLS, the technology which is supposed to secure your communications across the net.

What's so bad about bugs in SSL/TLS?
If the encryption you are relying on for your HTTPS connections is flawed, malicious hackers or intelligence agencies could break it and intercept your communications. They could launch attacks, and potentially sniff out your passwords and private messages.
FREAK attack: What is it? Here's what you need to know
Check here if your browser is free from this gltich
Tracking the FREAK Attack

 

[Technoglitch]

An old US policy requiring weaker encryption for export products is exposing millions of iPhones, Android devices, Mac OS X computers and around 97,000 websites to attack, say researchers.

Although the policy was aimed at the export market in the 1990s and has since been discontinued, products and services using the weakened cryptography are still to be found, including inside the US.

PAVEL IGNATOV - FOTOLIA

The latest SSL vulnerability to be discovered allows attackers to intercept HTTPSconnections between vulnerable devices and web servers of supposedly secure websites.

Researchers have found that once intercepted, the connnections can be forced to use export-grade cryptography, even if the weak algorithms are disabled by default.

This weakened cryptography could becracked within hours using cloud computing capacity that could be hired for $100 or less, cryptographer Matthew Green told theWashington Post.


US policy exposes Apple and Google devices to Freak attack

 

[Technoglitch]

“Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows,” reads the advisory. “Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems. When this security advisory was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers.”

The company says it’s currently working on a fix, which could come either as part of a future Patch Tuesday bundle or in the form of an out-of-band security update. In the meantime, the company recommends that those running Windows Vista or later “disable RSA key exchange ciphers
using the Group Policy Object Editor” in order to mitigate the threat. The entire procedure can be found here.

Microsoft: Windows Not Immune to FREAK Attack | Maximum PC

 

[IndianMascot]

This means all https site are vulnerable which include even the banking sites as well.

 

[DashMajor]

Windows is not a safe OS even with license key.

 

[Akash Modi]

Informative share Technoglitch bro

 

[Technoglitch]

This means all https site are vulnerable which include even the banking sites as well.

just like last year, heartbleed bug.
Anirudha, even the hardest linux OS browser is not even flawless,

 

[DashMajor]

just like last year, heartbleed bug.
Anirudha, even the hardest linux OS browser is not even flawless,

Tat might be because of Firefox ?

 

[Technoglitch]

Tat might be because of Firefox ?

safari browser too.

 

[DashMajor]

safari browser too.

But MAC OS itself having flaws.