Login

ka jowct · 03-05-2015, 01:32 AM

silvarios · 03-05-2015, 02:29 AM

This seems pretty bad.

jdc · 03-05-2015, 03:24 AM

FREAK: Am I Vulnerable?
You are vulnerable if you use a web browser that uses a buggy TLS library to connect, over an insecure network, to an HTTPS server that offers export ciphersuites. If you use Chrome or Firefox to connect to a site that only offers strong ciphers, you are probably not affected. For a list of insecure sites, see FREAKAttack.com

Seems like it would take a perfect storm for that to happen.

silvarios · 03-05-2015, 04:09 AM

Perfect storm? How about an iPhone or Android phone at a coffee shop? Or the local library? Or any public WiFi network?

jdc · 03-05-2015, 04:23 AM

silvarios wrote:
Perfect storm? How about an iPhone or Android phone at a coffee shop? Or the local library? Or any public WiFi network?

Seems to only meet about 1.5 of the 4 criteria.

silvarios · 03-05-2015, 04:58 AM

Web browser with buggy TLS library on an unsecured network, then it's a matter of the connected websites. 12% of the web is a lot.

jdc · 03-05-2015, 05:07 AM

12% of the web is small.

silvarios · 03-05-2015, 05:09 AM

jdc wrote:
12% of the web is small.

Not if the websites get a lot of hits.

jdc · 03-05-2015, 05:29 AM

12% is still 12%.

silvarios · 03-05-2015, 05:43 AM

jdc wrote:
12% is still 12%.

No it really isn't. Let's say that 12% was Amazon, Facebook and a couple of the biggest Chinese sites. See the difference. Now, to be perfectly fair, those are not the sites vulnerable. However, American Express alone is a top 1000 site in the world. Top 100 in the USA. This is a problem, why downplay it?

Login
Username:
Password:	Lost Password?
	Remember me