Windows users are also vulnerable to FREAK snooping attacks

You should be FREAKing out because of this encryption bug found in Windows and Internet Explorer. And if you are still the one using Windows XP, then most probably your PC is affected too, but don't wait Windows to send you any security updates on the way because Windows XP support ended on April 8, 2014.

Windows 10 Tech Preview, Courtesy of Microsoft

In a security advisory released Thursday, Microsoft has confirmed that Windows was and still is, in fact, vulnerable to FREAK (Factoring attack on RSA-EXPORT Keys). Earlier this week there were rumors that IE and Windows users were not affected by this bug.

What is FREAK?
It allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data. FreakAttack.com is dedicated to tracking the impact of the attack and helping users test whether they’re vulnerable.

Popular sites that are vulnerable to this attack include sohu.com, businessinsider.com, groupon.com, kohls.com, and mit.edu.

HTTPS Sites That Support RSA Export Suites

How can you protect yourself?
Make sure you have the most recent version of your browser installed, and check for updates frequently. Updates that fix the FREAK attack should be available for all major browsers soon.

Source: http://www.computerworld.com/article/2893370/time-for-all-windows-users-to-freak-out-over-encryption-bug.html
http://en.wikipedia.org/wiki/FREAK

Comments

Post a Comment

Popular posts from this blog

Stubbing and Mocking Static Methods with PHPUnit

Image
PHPUnit has ability to stub and mock static methods. Consider the class Foo : <?php class Foo { public static function doSomething() { return static::helper(); } public static function helper() { return 'foo'; } } ?> To test the static helper() function with PHPUnit, you can write you test like that: <?php class FooTest extends PHPUnit_Framework_TestCase { public function testDoSomething() { $class = $this->getMockClass( 'Foo', /* name of class to mock */ array('helper') /* list of methods to mock */ ); $class::staticExpects($this->any()) ->method('helper') ->will($this->returnValue('bar')); $this->assertEquals( 'bar', $class::doSomething() ); } } ?> The new staticExpects() method works similar to the non-static expects
Read more

Enable HTTP/2 Support in AWS ELB

Image
This thread  was started more than a year ago, asking for when Amazon Web Services will add support for HTTP/2  into their ELB. In addition to that, people are also asking, how to configure ELB to support multiple SSL certificates. AWS support team has been reluctant on giving out any specific details on when both of these features will be available, citing: I've verified that the ELB team is aware of the interest in ELB supporting HTTP/2. Please keep an eye on What's New from Amazon Web Services: http://aws.amazon.com/new/ for any updates. What is HTTP/2? HTTP/2 is a replacement for how HTTP is expressed “on the wire.” It is not a ground-up rewrite of the protocol; HTTP methods, status codes and semantics are the same, and it should be possible to use the same APIs as HTTP/1.x (possibly with some small additions) to represent the protocol. HTTP/2 protocol is supported by major modern browsers including IE11, Edge 13, Firefox 47, Chrome 52, Safari 9.1, Opera 38, i
Read more

How To Attach Your EBS volume to multiple EC2 instances

Image
Are you exhausted from the complexities and the extra cost associated with the EFS? What if you simply need to share the EBS volume between two EC2 instances? Say no more - Amazon Web Services has an answer for you! Starting today, customers running Linux on Amazon Elastic Compute Cloud (EC2) can take advantage of new support for  attaching  Provisioned IOPS ( io1 ) EBS volumes to  multiple EC2 instances , at  no extra charge ! Multi-Attach option in EBS According to AWS, the Multi-Attach capability makes it easier to achieve higher availability for applications that provide write-ordering to maintain storage consistency. Consider the following scenario: you are running a web application behind the load balancer, and the application expects static assets, such as WordPress media uploads, theme or configuration files, shared between the instances. Instead of using EFS, you could create new PIOPS EBS volume with the Multi-Attach option, mount the volume on each s
Read more