MacResource
FREAK vulnerability affects Safari, Android - Printable Version

+- MacResource (https://forums.macresource.com)
+-- Forum: My Category (https://forums.macresource.com/forumdisplay.php?fid=1)
+--- Forum: Tips and Deals (https://forums.macresource.com/forumdisplay.php?fid=3)
+--- Thread: FREAK vulnerability affects Safari, Android (/showthread.php?tid=177099)

Pages: 1 2


FREAK vulnerability affects Safari, Android - ka jowct - 03-05-2015




Re: FREAK vulnerability affects Safari, Android - silvarios - 03-05-2015

This seems pretty bad.


Re: FREAK vulnerability affects Safari, Android - jdc - 03-05-2015

FREAK: Am I Vulnerable?
You are vulnerable if you use a web browser that uses a buggy TLS library to connect, over an insecure network, to an HTTPS server that offers export ciphersuites. If you use Chrome or Firefox to connect to a site that only offers strong ciphers, you are probably not affected. For a list of insecure sites, see FREAKAttack.com

Seems like it would take a perfect storm for that to happen.


Re: FREAK vulnerability affects Safari, Android - silvarios - 03-05-2015

Perfect storm? How about an iPhone or Android phone at a coffee shop? Or the local library? Or any public WiFi network?


Re: FREAK vulnerability affects Safari, Android - jdc - 03-05-2015

silvarios wrote:
Perfect storm? How about an iPhone or Android phone at a coffee shop? Or the local library? Or any public WiFi network?

Seems to only meet about 1.5 of the 4 criteria.


Re: FREAK vulnerability affects Safari, Android - silvarios - 03-05-2015

Web browser with buggy TLS library on an unsecured network, then it's a matter of the connected websites. 12% of the web is a lot.


Re: FREAK vulnerability affects Safari, Android - jdc - 03-05-2015

12% of the web is small.


Re: FREAK vulnerability affects Safari, Android - silvarios - 03-05-2015

jdc wrote:
12% of the web is small.

Not if the websites get a lot of hits.


Re: FREAK vulnerability affects Safari, Android - jdc - 03-05-2015

12% is still 12%.


Re: FREAK vulnerability affects Safari, Android - silvarios - 03-05-2015

jdc wrote:
12% is still 12%.

No it really isn't. Let's say that 12% was Amazon, Facebook and a couple of the biggest Chinese sites. See the difference. Now, to be perfectly fair, those are not the sites vulnerable. However, American Express alone is a top 1000 site in the world. Top 100 in the USA. This is a problem, why downplay it?