FREAK: Another Bug That Threatens the World

FREAK is the latest encryption bug discovered by a team of security researchers. This bug puts users' secure web connections at risk and exposes their sensitive information. It was previously thought that the bug was limited to Apple and Google browsers, but the latest revelations suggest that the flaw leaves communication between affected users and websites open to interception on almost every platform.

Microsoft, Google, Apple and other companies are working on patches for FREAK, but those patches are still days away. How can users protect themselves in the meantime? The answer is simple: avoid the platforms that are more vulnerable to this bug, and avoid the websites that are vulnerable to it.

What is FREAK and How can you tackle this bug?

The FREAK flaw affects SSL/TLS, the protocol that creates a secure
connection between you and a website. The secure connection is created
when you connect with HTTPS and have a padlock in your browser address
bar. That “lock” means that your personal data is encrypted when it’s
sent to the website.

The FREAK flaw affects some major browsers, including:

  • Internet Explorer – Windows
  • Safari – Mac OS / iOS
  • Chrome – Mac OS / Android
  • Opera – Mac OS / Linux
  • Stock Browser – BlackBerry / Android

The only browser the security team believes is not vulnerable on any operating system, including Android and iOS mobile devices and tablets, is Mozilla Firefox. All users should install Firefox on their devices to avoid the FREAK bug until their operating systems come up with patches, which will probably take a few days.

Sites that are Vulnerable to FREAK

The list of sites that are vulnerable to this bug is endless. Even sites that use HTTPS are not safe from it. The list ranges from retail to government, with a lot in between. Some of the highest-traffic domains that are affected include Business Insider, American Express, Groupon, Bloomberg, NPR, Kohls, and MIT. A number of very high-profile government sites were also affected, including the NSA, the FBI, and the White House’s sites, as well as the site (USA-Jobs) that all applicants for any federal job must use.

Recommended Steps 

Update with all patches when available

Microsoft, Apple, and Google will all be releasing patches within the next few days, so it’s critical to update your system when those patches are available.

Use Firefox to browse securely 

Until patches are available for the above affected browsers, you may want to use Firefox on iOS, Android, and Mac OS to securely browse the web and connect to your online accounts.

Replace vulnerable passwords 

Though it’s unlikely that you were attacked, as devices and websites are patched it may be a good time to change the passwords to any accounts accessed on any of your devices shown to be vulnerable. You can also use the LastPass Security Challenge to review the strength of your passwords. Our Auto-Password Change feature will also help you replace passwords automatically. It’s important to use a different, strong password on every website, so that a password stolen from one website can’t be used to log in to any of your other accounts.

Ehacking Staff