![]() |
FREAK vulnerability affects Safari, Android - Printable Version +- MacResource (https://forums.macresource.com) +-- Forum: My Category (https://forums.macresource.com/forumdisplay.php?fid=1) +--- Forum: Tips and Deals (https://forums.macresource.com/forumdisplay.php?fid=3) +--- Thread: FREAK vulnerability affects Safari, Android (/showthread.php?tid=177099) Pages:
1
2
|
FREAK vulnerability affects Safari, Android - ka jowct - 03-05-2015 Re: FREAK vulnerability affects Safari, Android - silvarios - 03-05-2015 This seems pretty bad. Re: FREAK vulnerability affects Safari, Android - jdc - 03-05-2015 FREAK: Am I Vulnerable? You are vulnerable if you use a web browser that uses a buggy TLS library to connect, over an insecure network, to an HTTPS server that offers export ciphersuites. If you use Chrome or Firefox to connect to a site that only offers strong ciphers, you are probably not affected. For a list of insecure sites, see FREAKAttack.com Seems like it would take a perfect storm for that to happen. Re: FREAK vulnerability affects Safari, Android - silvarios - 03-05-2015 Perfect storm? How about an iPhone or Android phone at a coffee shop? Or the local library? Or any public WiFi network? Re: FREAK vulnerability affects Safari, Android - jdc - 03-05-2015 silvarios wrote: Seems to only meet about 1.5 of the 4 criteria. Re: FREAK vulnerability affects Safari, Android - silvarios - 03-05-2015 Web browser with buggy TLS library on an unsecured network, then it's a matter of the connected websites. 12% of the web is a lot. Re: FREAK vulnerability affects Safari, Android - jdc - 03-05-2015 12% of the web is small. Re: FREAK vulnerability affects Safari, Android - silvarios - 03-05-2015 jdc wrote: Not if the websites get a lot of hits. Re: FREAK vulnerability affects Safari, Android - jdc - 03-05-2015 12% is still 12%. Re: FREAK vulnerability affects Safari, Android - silvarios - 03-05-2015 jdc wrote: No it really isn't. Let's say that 12% was Amazon, Facebook and a couple of the biggest Chinese sites. See the difference. Now, to be perfectly fair, those are not the sites vulnerable. However, American Express alone is a top 1000 site in the world. Top 100 in the USA. This is a problem, why downplay it? |