Windows users are also vulnerable to FREAK snooping attacks

You should be FREAKing out because of this encryption bug found in Windows and Internet Explorer. And if you are still the one using Windows XP, then most probably your PC is affected too, but don't wait Windows to send you any security updates on the way because Windows XP support ended on April 8, 2014.

Windows 10 Tech Preview, Courtesy of Microsoft

In a security advisory released Thursday, Microsoft has confirmed that Windows was and still is, in fact, vulnerable to FREAK (Factoring attack on RSA-EXPORT Keys). Earlier this week there were rumors that IE and Windows users were not affected by this bug.

What is FREAK?
It allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data. FreakAttack.com is dedicated to tracking the impact of the attack and helping users test whether they’re vulnerable.

Popular sites that are vulnerable to this attack include sohu.com, businessinsider.com, groupon.com, kohls.com, and mit.edu.

HTTPS Sites That Support RSA Export Suites

How can you protect yourself?
Make sure you have the most recent version of your browser installed, and check for updates frequently. Updates that fix the FREAK attack should be available for all major browsers soon.

Source: http://www.computerworld.com/article/2893370/time-for-all-windows-users-to-freak-out-over-encryption-bug.html
http://en.wikipedia.org/wiki/FREAK

Comments

Popular posts from this blog

Stubbing and Mocking Static Methods with PHPUnit

MongoDB: Remove an Arbiter From a Replica Set

Enable HTTP/2 Support in AWS ELB