+- MacResource (https://forums.macresource.com)
+-- Forum: My Category (https://forums.macresource.com/forumdisplay.php?fid=1)
+--- Forum: Tips and Deals (https://forums.macresource.com/forumdisplay.php?fid=3)
+--- Thread: FREAK vulnerability affects Safari, Android (/showthread.php?tid=177099)
Pages:
1
2
FREAK vulnerability affects Safari, Android - ka jowct - 03-05-2015
Re: FREAK vulnerability affects Safari, Android - silvarios - 03-05-2015
This seems pretty bad.
Re: FREAK vulnerability affects Safari, Android - jdc - 03-05-2015
FREAK: Am I Vulnerable?
You are vulnerable if you use a web browser that uses a buggy TLS library to connect, over an insecure network, to an HTTPS server that offers export ciphersuites. If you use Chrome or Firefox to connect to a site that only offers strong ciphers, you are probably not affected. For a list of insecure sites, see FREAKAttack.com
Seems like it would take a perfect storm for that to happen.
Re: FREAK vulnerability affects Safari, Android - silvarios - 03-05-2015
Perfect storm? How about an iPhone or Android phone at a coffee shop? Or the local library? Or any public WiFi network?
Re: FREAK vulnerability affects Safari, Android - jdc - 03-05-2015
silvarios wrote:
Perfect storm? How about an iPhone or Android phone at a coffee shop? Or the local library? Or any public WiFi network?
Seems to only meet about 1.5 of the 4 criteria.
Re: FREAK vulnerability affects Safari, Android - silvarios - 03-05-2015
Web browser with buggy TLS library on an unsecured network, then it's a matter of the connected websites. 12% of the web is a lot.
Re: FREAK vulnerability affects Safari, Android - jdc - 03-05-2015
12% of the web is small.
Re: FREAK vulnerability affects Safari, Android - silvarios - 03-05-2015
jdc wrote:
12% of the web is small.
Not if the websites get a lot of hits.
Re: FREAK vulnerability affects Safari, Android - jdc - 03-05-2015
12% is still 12%.
Re: FREAK vulnerability affects Safari, Android - silvarios - 03-05-2015
jdc wrote:
12% is still 12%.
No it really isn't. Let's say that 12% was Amazon, Facebook and a couple of the biggest Chinese sites. See the difference. Now, to be perfectly fair, those are not the sites vulnerable. However, American Express alone is a top 1000 site in the world. Top 100 in the USA. This is a problem, why downplay it?