Skip to comments.
Time for all Windows users to FREAK out over encryption bug
ComputerWorld ^
| Mar 6, 2015
| Gregg Keizer
Posted on 03/07/2015 5:30:46 PM PST by dayglored
Microsoft on Thursday confirmed that Windows was vulnerable to FREAK attacks, and researchers changed their tune, saying Internet Explorer (IE) users were at risk.
The news was a turnabout from earlier in the week, when researchers initially fingered only Apple's iOS and OS X and Google's Android operating systems as those that could fall victim to cybercriminals spying on purportedly secure communications between browsers and website servers.
By adding Windows to the list, the number of jeopardized users jumped dramatically: Windows powered 92% of all personal computers last month.
In a security advisory released Thursday, Microsoft said Windows was, in fact, vulnerable to FREAK (Factoring attack on RSA-EXPORT Keys).
"Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows," Microsoft said in the advisory. "Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system."
...
(Excerpt) Read more at computerworld.com ...
TOPICS:
KEYWORDS: freak; internetexplorer; microsoft; ssl; windows
Navigation: use the links below to view more comments.
first 1-20, 21-40, 41-60, 61-80, 81-91 next last
For a few days, it appeared Windows users didn't have to worry about this rather nasty bug -- Apple and Android got all the attention.
But it is confirmed by Microsoft and other researchers that in fact, Windows users need to be aware and patch their systems ASAP.
1
posted on
03/07/2015 5:30:46 PM PST
by
dayglored
To: ShadowAce; Swordmaker
Heads up guys. Ping to appropriate lists, please.
2
posted on
03/07/2015 5:31:14 PM PST
by
dayglored
(Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
To: dayglored
IE? Is that still around? And how did Gate$ manage to get compensated for that?
3
posted on
03/07/2015 5:32:32 PM PST
by
Paladin2
To: dayglored
>
"Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows," Microsoft said in the advisory. That's everybody, folks.
And you people still running Windows XP -- tough beans, you ain't getting a patch.
4
posted on
03/07/2015 5:33:28 PM PST
by
dayglored
(Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
To: dayglored
I have had two security updates from Windows in the past two weeks. Plus, Norton has always been updating everyday, so I have not had any issues.
Exactly what is supposed to happen if you do get the bug ..??
5
posted on
03/07/2015 5:39:00 PM PST
by
CyberAnt
("The hope and changey stuff did not work, even a smidgen.")
To: rdb3; Calvinist_Dark_Lord; JosephW; Only1choice____Freedom; amigatec; Still Thinking; ...
6
posted on
03/07/2015 5:42:40 PM PST
by
ShadowAce
(Linux -- The Ultimate Windows Service Pack)
To: dayglored; null and void; Slings and Arrows
It isn’t a bug if it was purposeful.
Does anyone really think NSA didn’t use it to snoop?
7
posted on
03/07/2015 6:04:18 PM PST
by
Darksheare
(Those who support liberal "Republicans" summarily support every action by same.)
To: CyberAnt
>
Exactly what is supposed to happen if you do get the bug ..?? Somebody steals your identity, your financial info, your passwords, whatever you THOUGHT was encrypted.
http://en.wikipedia.org/wiki/FREAK
8
posted on
03/07/2015 6:20:59 PM PST
by
dayglored
(Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
To: dayglored
Well, with Norton and LifeLock, I don’t expect any surprises.
9
posted on
03/07/2015 6:23:24 PM PST
by
CyberAnt
("The hope and changey stuff did not work, even a smidgen.")
To: dayglored
But it is confirmed by Microsoft and other researchers that in fact, Windows users need to be aware and patch their systems ASAP. Hmmmmm . . . I think I shall have tell someone, not necessarily you, I TOLD YOU SO!
10
posted on
03/07/2015 6:26:57 PM PST
by
Swordmaker
(This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
To: dayglored
Firefox just did an “important!” point release. I wonder if this was why?
11
posted on
03/07/2015 6:29:47 PM PST
by
FreedomPoster
(Islam delenda est)
To: CyberAnt
> Well, with Norton and LifeLock, I dont expect any surprises.
I don’t think those will help prevent it, although Lifelock may help you recover.
This is something in Windows and IE that only Microsoft can fix, as far as I know.
12
posted on
03/07/2015 6:50:37 PM PST
by
dayglored
(Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
To: FreedomPoster
I don’t know. I suppose it could be related, but I wouldn’t bet on it solving the basic underlying problem.
13
posted on
03/07/2015 6:53:36 PM PST
by
dayglored
(Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
To: Swordmaker
Hi Sword,
Well, it’s certainly not the first time a bunch of tech whores, sorry, journalists got their rocks off writing a headline with “Apple” in it. It’s all about those page hits... And they aren’t so likely with a vulnerability that affects Windows too. That’s like, “big deal, yawn...”
14
posted on
03/07/2015 6:56:40 PM PST
by
dayglored
(Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
To: dayglored
Well, its certainly not the first time a bunch of tech whores, sorry, journalists got their rocks off writing a headline with Apple in it. Its all about those page hits... And they arent so likely with a vulnerability that affects Windows too. Thats like, big deal, yawn... They sure did get their page hits, didn't they. . . and it IS Apple FUD Season, after all.
15
posted on
03/07/2015 6:59:46 PM PST
by
Swordmaker
(This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
To: CyberAnt
Dogs sleep with cats, burning hail falls, sulfurous fumes rise from the earth, the Federal Reserve closes its doors, widespread panic...
The usual stuff.
16
posted on
03/07/2015 7:00:55 PM PST
by
Axenolith
(Government blows, and that which governs least, blows least...)
To: dayglored; FreedomPoster
Firefox just did an important! point release. I wonder if this was why?
Glad to see you are following the time-honored Free Republic tradition of posting without reading the source article, which included this graphic:
17
posted on
03/07/2015 7:01:13 PM PST
by
867V309
(Boehner is the new Pelosi)
To: Swordmaker
>
it IS Apple FUD Season, after all. True, although to be accurate, this one, at least, isn't FUD. It's a real vulnerability, and a serious one.
It amazes me that the old RSA short-key handling etc. wasn't purged a decade ago. Geez, guys.
18
posted on
03/07/2015 7:04:05 PM PST
by
dayglored
(Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
To: 867V309; FreedomPoster
>
Glad to see you are following the time-honored Free Republic tradition of posting without reading the source article,... LOL. Thanks for posting the graphic.
19
posted on
03/07/2015 7:05:55 PM PST
by
dayglored
(Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
To: dayglored
I’ve already patched my server. Currently working on POODLE/TLSv1.
20
posted on
03/07/2015 7:10:53 PM PST
by
__rvx86
(Rafael Cruz Jr: soon to be the first conservative, Latino President of the U.S. Si se puede!)
Navigation: use the links below to view more comments.
first 1-20, 21-40, 41-60, 61-80, 81-91 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson