
    WTF!! What is the FREAK vulnerability? Why should I care?

    By Vikram Singh Rao, October 15, 2015

    Last year, the OpenSSL vulnerability called Heartbleed caused a great deal of trouble for internet users. It was one of the most dangerous security flaws because it affected every big website and allowed hackers to hack SSL-protected websites. However, there is another widespread vulnerability on the internet called 'FREAK', and it has affected a lot of websites and browsers.

    FREAK is an acronym for Factoring RSA Export Keys. It is a bug that gives attackers access to secure communications. It was discovered in software used to encrypt data travelling between web servers and web users. It has been in existence for a decade now, but was thought to affect only Apple's Safari and Google's Android browser. Now, however, Windows has been added to that mix.

    It affects all versions of Windows which use Internet Explorer. All Microsoft software that uses Secure Channel, the Windows implementation of Secure Sockets Layer (SSL) and its descendant, Transport Layer Security (TLS), also has the FREAK vulnerability.

    The FREAK vulnerability lets an attacker intercept data moving between a site and a visitor and force the connection to use weak encryption, which makes it easy to crack the data and reach sensitive information such as passwords, as well as the other data on that page. The flaw was exposed by encryption and security guru Karthikeyan Bhargavan.

    The FREAK vulnerability gives the attacker an easy way to forcibly downgrade the cipher suite used in SSL/TLS connections on a Windows client system. FREAK is an issue that affects the whole industry and, if left unsolved, might lead to a software crisis worldwide.

    In an attempt to assess the impact of this bug, a group has been set up to evaluate and gather numbers regarding the worldwide risk. 9.5% of the web's one million websites have been found to have the FREAK vulnerability and are therefore prone to attack. The group has introduced an online tool so people can check whether the browser they are using is at risk.

    To counter the FREAK vulnerability, Google has updated Chrome for the Mac, but Android is still under review. Apple is also preparing to introduce a solution soon. Microsoft has issued various advisories on how to eliminate the FREAK vulnerability. Unfortunately, these solutions can lead to very severe problems with other programs. Because of this, better solutions are being sought. Microsoft is expected to address the issue with its scheduled Patch Tuesday update or an irregular one.

    Though there has been no report of this flaw being used for cyber crime, the frenzy with which a solution is being sought reflects its seriousness. Microsoft has even suggested that Windows users disable their RSA export ciphers in the meantime.
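    One way to check for the RSA export ciphers mentioned above, as an added example that is not part of the original article: it classifies cipher suite names (OpenSSL-style or IANA-style) and reports how an OpenSSL-style cipher string treats export suites. It goes slightly beyond the text by separating RSA export suites from other export-grade suites; the function names and the sample list are constructed for illustration.

```python
import re

# Constructed sample: suite names as a scanner or config dump might list them.
SAMPLE_ENABLED = [
    "ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA", "EXP-RC4-MD5",
    "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", "EXP-EDH-RSA-DES-CBC-SHA",
]
# Key-exchange tags that may follow "EXP-" in OpenSSL-style names; otherwise it is plain RSA.
NON_RSA_KX = ("EDH-", "DHE-", "ADH-", "DH-", "KRB5-")
IANA_EXPORT = re.compile(r"^(?:TLS|SSL)_(\w+?)_EXPORT(?:1024)?_WITH_")


def classify(suite):
    """Return 'rsa_export', 'other_export' or 'not_export' for one suite name."""
    name = suite.strip().upper()
    m = IANA_EXPORT.match(name)
    if m:  # IANA style, e.g. TLS_RSA_EXPORT_WITH_RC4_40_MD5
        return "rsa_export" if m.group(1) == "RSA" else "other_export"
    for prefix in ("EXP1024-", "EXP-"):  # OpenSSL style, e.g. EXP-RC4-MD5
        if name.startswith(prefix):
            rest = name[len(prefix):]
            return "other_export" if rest.startswith(NON_RSA_KX) else "rsa_export"
    return "not_export"


def audit(enabled_suites):
    """Group the export-grade suites found in a list of enabled suite names."""
    report = {"rsa_export": [], "other_export": []}
    for suite in enabled_suites:
        kind = classify(suite)
        if kind in report:
            report[kind].append(suite)
    return report


def cipher_string_policy(cipher_string):
    """Say how an OpenSSL-style cipher string treats export suites."""
    tokens = [t for t in re.split(r"[:,\s]+", cipher_string.strip()) if t]
    if any(t.upper() in ("!EXP", "!EXPORT") for t in tokens):
        return "excluded"  # '!' removes the suites for the rest of the string
    for t in tokens:
        bare = t.lstrip("+").upper()
        if bare in ("EXP", "EXPORT", "EXPORT40", "EXPORT56") or classify(bare) != "not_export":
            return "enabled"
    return "unspecified"  # outcome depends on the TLS library's defaults


if __name__ == "__main__":
    print(audit(SAMPLE_ENABLED))
    print(cipher_string_policy("HIGH:!aNULL:!EXPORT"))
```

    Any suite reported under rsa_export should be removed from the server or client configuration; "unspecified" means the cipher string alone does not settle the question and the library version has to be checked as well.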

    Many experts blame the FREAK flaw on earlier US policy bans on the strongest encryption standards. This allowed weaker standards to find their way into most software, including web browsers and Windows. This was done so as to allow intelligence agencies to keep an eye on web activity. The remnants of this ban are the cause of the FREAK vulnerability today.

    According to the miTLS team, which discovered the FREAK security hole in the first place, the following SSL/TLS client libraries are vulnerable:

    • OpenSSL (CVE-2015-0204): versions before 1.0.1k.
    • BoringSSL: versions older than Nov 10, 2014.
    • LibreSSL: versions before 2.1.2.
    • SecureTransport
    • SChannel

    Web browsers that use these TLS libraries are open to attack:

    • Chrome versions before 41 on various platforms are vulnerable.
    • Internet Explorer is vulnerable.
    • Safari is vulnerable.
    • Android Browser is vulnerable.
    • Blackberry Browser is vulnerable.
    • Opera on Mac and Android is vulnerable.

    All users should keep an eye out for updates so as to protect their systems once a solution is found, or switch their web browser to Chrome 41 or the latest Firefox. Staying ignorant might cause long-term losses that will be irreparable.
