FREAK: Another bug that Threaten the World

FREAK is the latest encryption bug discovered by a team of security researchers. This bug will put the users secure web connection at risk and also exposes the users sensitive information. Previously it was thought that this bug was only limited to the Apple and Google browsers but the latest revelations suggest that flaw leaves communication between affected users and websites open to interception on almost every platform..

Microsoft, Google, Apple and all other companies are working on their patches to overcome this bug named as FREAK.  But it is still days away. The Question is How the user can protect himself in the mean time? The Answer of this Question is simple. User should avoid those platforms that are more Vulnerable to this bug. The next thing you should do is to avoid those websites that are Vulnerable to this bug named FREAK.

What is FREAK and How can you tackle this bug?

The FREAK flaw affects SSL/TLS, the protocol that creates a secure
connection between you and a website. The secure connection is created
when you connect with HTTPS and have a padlock in your browser address
bar. That “lock” means that your personal data is encrypted when it’s
sent to the website.

This Freak flaw has affected some major browsers like:

  • Internet Explorer – Windows
  • Safari                    – Mac OS / iOS
  • Chrome                – Mac OS / Android
  • Opera                   – Mac OS / LINUX
  • Stock Browser     – Blackberry / Android

The only browser which the security team believes is not Vulnerable to all operating systems including Android and iOS mobile devices and tablets is Mozila Firefox.  All users should install Mozila in their devices to tackle this FREAK bug until their Operating systems came up with patches which will take probably few days.

Sites that are Vulnerable to FREAK

The list of sites that are vulnerable to this bug is endless. Even sites that are on HTTPS are not secure from this bug. The list of sites include retail to government and lots of things in between. Some of the highest-traffic domains that are affected include Business Insider, American Express, Groupon, Bloomberg, NPR, Kohls, and MIT. A number of very high-profile government sites were also affected, including the NSA, the FBI, and the White House’s sites, as well as the site (USA-Jobs) that all applicants for any federal job must use.

Recommended Steps 

Update with all patches when available 
Microsoft, Apple, and Google will all be releasing patches within the next few days, so it’s critical to update your system when those patches are available.

Use Firefox to browse securely 

Until patches are available for the above affected browsers, you may want to use Firefox on iOS, Android, and Mac OS to securely browse the web and connect to your online accounts.

Replace vulnerable passwords 

Though it’s unlikely that you were attacked, as devices and websites are patched it may be a good time to change the passwords to any accounts accessed on any of your devices shown to be vulnerable. You can also use the LastPass Security Challenge to review the strength of your passwords. Our Auto-Password Change feature will also help you replace passwords automatically. It’s important to use a different, strong password on every website, so that a password stolen from one website can’t be used to login to any of your other accounts.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Blind SQL Injection Tutorial to Hack a Website

In the previous article, we have the basics of SQL Injection; what SQLi is and what are the types of SQL injection. And, In...

What is SQL Injection? Tutorial: Type and Example

What is SQL injection, and what are the types of SQL injection? These are the common questions, and we will seek the answer to...

Are Cisco 300-410 Exam and Its Related Certification Your Pathway to Career Success? Find Out about This

Introduction Career success can mean different things to different people. For some, it could mean having a prestigious title and for others, it could be...

How to Hack Windows 10 Password Using FakeLogonScreen in Kali Linux

This article demonstrates an in-depth guide on how to hack Windows 10 Passwords using FakeLogonScreen. Hacking Windows 10 password is an exciting topic and...