| Author |
Topic: FREAK OUT Alert! Patch coming for Windows and IE |
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 7 Mar 2015 9:22 am |
|
I won't bore you with the technical details, but there is another browser vulnerability that was recently discovered that is known to affect both web servers and Windows computers, as well as the default Android web browsers (not Chrome), Safari (no surprise) and all versions of Internet Explorer. Linux computers (especially those running web servers) may also be at risk, depending on the make and version of web browser and SSL certificates that have been installed.
Not affected are recent and current versions of Firefox and Chrome browsers. There is a FREAK test page you can use to see if your browsers are safe from this exploit. Run that page from each web browser you have installed on your computer or hand held device. Some will be safe, others will not.
For instance, I tested my PC with Firefox, then Google Chrome. Both came back as unaffected. But, I then ran the test from the latest version of Internet Explorer (11) and got this result in red:
| Quote: |
Warning! Your browser is vulnerable to the FREAK attack. It can be tricked into using weak encryption if you visit a vulnerable website. We encourage you to update your browser right away. |
This means that I, like most of you, will have to wait for Microsoft to release or push out a patch for this new vulnerability; one going back a decade.
The hard core technical details about the FREAK vulnerability are found here. That page also has a browser safety test at the top.
Note: JavaScript must be enabled to test your browsers. So, allow scripting if you use the NoScript Add-on for FF.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Dave Potter
From:
Texas
|
Posted 7 Mar 2015 9:54 am
|
|
| Thanks for the heads-up, Wiz. I got the same result you did with IE. And my Firefox and Chrome came up clean. |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
|
|
|
Donny Hinson
From:
Glen Burnie, Md. U.S.A.
|
Posted 11 Apr 2015 1:25 pm
|
|
My IE8 won't even load that (freak test) webpage.  |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 11 Apr 2015 5:22 pm
|
|
| Donny Hinson wrote: |
| My IE8 won't even load that (freak test) webpage. :( |
It loads in my IE 11 in one second.
Then there is something wrong with your browser. A toolbar, spyware, or other add-ons could be interfering.
Your version of IE is way outdated. Have you thought about upgrading it to a newer version? IE 11 is the current version for Windows 7 and newer. What version of Windows you are using.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Charlie McDonald
From:
out of the blue
|
Posted 15 Apr 2015 8:09 am
|
|
Firefox ran OK but Chrome got the red vulnerability warning.
If I uninstall>re-install Chrome, will it it wipe out my favorites (including my file of Forum backpages?)
_________________
Those that say don't know; those that know don't say.--Buddy Emmons |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 15 Apr 2015 3:26 pm
|
|
| Charlie McDonald wrote: |
Firefox ran OK but Chrome got the red vulnerability warning.
If I uninstall>re-install Chrome, will it it wipe out my favorites (including my file of Forum backpages?) |
Chrome browsers (recent versions) were not vulnerable to the FREAK exploit. You must have a really old version to get red flagged with it.
Upgrade ASAP. If you already have the current version, it is seriously misconfigured, perhaps by an evil extension. Your settings are safe if you uninstall and reinstall the latest version.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
