Technology security experts are warning computer and mobile device owners of a major new SSL (Secure Sockets Layer) vulnerability. This old but recently discovered flaw could allow hackers to perform a man-in-the-middle attack on Android and Apple devices. Microsoft is also warning its customers that ALL Windows operating systems are at risk from the vulnerability known as Freak, for “Factoring RSA-EXPORT Keys.”
SSL is the standard security technology for establishing an encrypted link between a web server and a web browser. A man-in-the-middle attack is the technological equivalent of a pass intercepted in a football game. Simply put, the link between your computer and your bank’s server or the server of an online merchant is intercepted.
The SSL link makes certain that all data transmitted between you and your bank remains totally secret. The Freak security flaw makes it possible for a hacker to force encryption software to downgrade from a stronger encryption to a weaker, easily breakable encryption. This flaw affects potentially millions of websites and even more computers and mobile devices.
There is history behind the Freak flaw that dates back more than two decades to the 1990s. U.S. companies were required by the government to deliberately weaken the strength of encryption keys they shipped outside the U.S. The law allowed a maximum encryption key length of 512 bits. Computers today make child’s play of this encryption. According to noted cryptographer Matthew Green, of Johns Hopkins University, the U.S. government demanded this so the NSA could access foreign communications, all the while making it look like the U.S. was helping to provide adequate encryption for everyone.
The following software and platforms are affected by the Freak security flaw.
Browsers:
- Microsoft Internet Explorer – Security advisory
- Programs using Microsoft’s SSL/TLS, such as Internet Explorer (IE) on Windows Vista, 7, 8, and 8.1 and Windows Server 2003. Microsoft makes no mention of earlier, unsupported operating systems such as Windows XP, so be safe and assume they are vulnerable as well.
- Google Chrome for Mac OS – Patch is coming next week
- Google Chrome for Android
- Safari on Mac OS – Patch is coming next week
- Safari on iOS – Patch is coming next week
- Stock Android Browser
- Blackberry Browser
- Opera Browser on Mac OS
- Opera Browser on Linux
Companies and people using Windows Server 2003 or XP need to be especially alert. Windows XP is no longer supported without a special contract, and Windows Server 2003 support ends in July. Microsoft may issue a patch for this problem, but they make no promises. If you are using these outdated operating systems you need to upgrade…now!
(Source: https://freakattack.com/)
To check if your browser is vulnerable, use the FREAK Client Test Tool.
You can also find a list of vulnerable websites at freakattack.com.
Breaking It Down
Here is another, more serious problem you need to be aware of. Ninety percent of ATMs in the U.S. are running on Windows XP. Microsoft is no longer supporting the XP OS without a special contract. And as you have read, it is vulnerable to Freak.
Black consumers need to be alert to this fact because no one knows which banks have upgraded their ATMs or secured the needed support from Microsoft. Because of the Freak vulnerability, you need to get with your bank and ask, directly, whether they have Microsoft support or have upgraded their ATMs. You need to know this because your bank may be vulnerable. The last thing you need is to discover none of your bank’s ATMs are working and the bank doors are locked because they failed to upgrade their security and got hacked. It could happen. And you know black people don’t play when it comes to money!