TheWindowsClub News

TheWindowsClub Tech News covers the latest Microsoft Windows 10 news, along with other products & services like Office, etc.

New FREAK ATTACK exploits SSL/TLS vulnerability

Thanks to researchers who work day and night to disclose new cyber attacks and their remedies to ensure that we are protected. Recently, researchers disclosed a new SSL/TLS vulnerability called The FREAK Attack. This is the same protocol that is responsible for secure connection between the client and the servers.

SSL/TLS vulnerability

You can understand the level of vulnerability by the fact that it enables people who are involved in hacking and attacking the system with the ability to intercept HTTPS connections. These are the same HTTPS connections that exist between vulnerable clients and the communicating servers. Vulnerable clients are forced to use ‘export-grade’ cryptography, which later on can be decrypted and altered easily causing great damage to the client.

A connection that exists between the client system and server is vulnerable only when the server accepts RSA_EXPORT cipher suites. Client sitting on the other side either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204.

Avoiding The FREAK Attack

The Freak attack was discovered by Karthikeyan Bhargavan at INRIA in Paris and the mitLS team. Further developments were handled by Matthew Green and the report is maintained by the computer scientists at the University of Michigan. There are many clients that are affected by this vulnerability like many  Google and Apple devices, a large number of embedded systems and other software products that use TLS without disabling the vulnerable cryptographic suites.

So what is the solution for this?

The solution that can help you from getting trapped is that when you run a web server, just disable the support for any export suites. The best suggestion is that you should disable support for all known insecure ciphers and at the same time enable forward secrecy. If you want, you can still check your website’s vulnerability using the SSL Labs’ SSL Server Test.

You can also check if your web server is attackable with this free SSL vulnerability checker tool against the FREAK attack.

You can find Alexa HTTPS Sites that support RSA Export Suites in detail on FreakAttack.com along with the domain and Alexa rank. Test to see if your browser is safe!

UPDATE: Microsoft Advisory says all its operating systems vulnerable to FREAK.

Updated on Tags:

AnandKhanse@TWC

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP (2016-2022). He enjoys following and reporting Microsoft news and developments in the world of Personal Computing.

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap