Windows PCs are also vulnerable to"FREAK" flaw

By Shawn Knight ยท 8 replies
Mar 6, 2015
Post New Reply
  1. https-crippling freak windows apple microsoft android ios https bug vulnerability encryption flaw microsoft windows freak flaw export encryption export-grade encryption strong encryption

    The FREAK flaw that first surfaced early this week was initially only thought to affect software that relied on OpenSSL or Apple’s Secure Transport (think Android, iOS and OS X). Microsoft has since released a security advisory indicating its Windows operating system is also vulnerable.

    The Redmond-based company noted that it is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows. An investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suite used during an SSL / TLS connection.

    As outlined earlier this week, the FREAK flaw allows an attacker to request what’s called an export cipher. This 512-bit encryption key is very weak by today’s standards and can be cracked in roughly half a day for around $100 using Amazon Web services.

    Microsoft said it was working with partners in its Microsoft Active Protections Program to provide more information on how to better protect customers. Once that is complete, they will move forward with a fix – one that’ll likely consist of a patch through an out-of-cycle update.

    Apple said earlier this week that it plans to issue a patch for FREAK sometime next week. Google also has a solution in the works which they’ve already issued to hardware partners.

    You can check to see if your browser is vulnerable by visiting the website.

    Permalink to story.

  2. VitalyT

    VitalyT Russ-Puss Posts: 3,670   +1,960

    The only "FREAK" flaw that Windows users are vulnerable to is called Linux :)
  3. jobeard

    jobeard TS Ambassador Posts: 11,173   +989

    • Opera 10.63 is immune
    • Google Chrome 40.0.2214 is EXPOSED
    • Firefox 36.0.1 is EXPOSED
  4. war59312

    war59312 TS Booster Posts: 131   +11

    You do know that Chrome 41 is the stable build, which is immune to this.
  5. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 8,647   +3,274

    The only two "FREAK" flaws that Windows users are vulnerable to are called Linux & OS X :)
    It was a slight oversight on your behalf but not to worry, I fixed it for you.
  6. tipstir

    tipstir TS Ambassador Posts: 2,477   +126

    Got Chrome 42 64-DEV loaded. Still suffers from lag still under Facebook. Pale moon 64-bit better.
  7. fyrfaktry

    fyrfaktry TS Member Posts: 18

    All 64-bit browsers suck.
  8. jobeard

    jobeard TS Ambassador Posts: 11,173   +989

    grrr; Rather childish imo. Would appear that these comments are from those FREAKED out, after all, the issue one of browser cryptography, not the platform(s). Apologies to everyone else.
    Last edited: Mar 7, 2015
  9. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 8,647   +3,274

    Sorry, I couldn't resist it. VitaliT is an Apple freak and I was yanking his chain.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...