FREAK: Another Bug That Threatens the World

FREAK is the latest encryption bug discovered by a team of security researchers. This bug puts users' secure web connections at risk and exposes their sensitive information. It was previously thought that the bug was limited to the Apple and Google browsers, but the latest revelations suggest that the flaw leaves communication between affected users and websites open to interception on almost every platform.

Microsoft, Google, Apple and all other companies are working on patches for this bug, named FREAK, but those patches are still days away. The question is: how can users protect themselves in the meantime? The answer is simple. Avoid the platforms that are more vulnerable to this bug, and avoid the websites that are vulnerable to it.

What Is FREAK and How Can You Tackle This Bug?

The FREAK flaw affects SSL/TLS, the protocol that creates a secure
connection between you and a website. The secure connection is created
when you connect with HTTPS and have a padlock in your browser address
bar. That “lock” means that your personal data is encrypted when it’s
sent to the website.

The FREAK flaw affects some major browsers, including:

  • Internet Explorer – Windows
  • Safari – Mac OS / iOS
  • Chrome – Mac OS / Android
  • Opera – Mac OS / Linux
  • Stock Browser – BlackBerry / Android

The only browser the security team believes is not vulnerable on any operating system, including Android and iOS mobile devices and tablets, is Mozilla Firefox. All users should install Firefox on their devices to tackle the FREAK bug until their operating systems come out with patches, which will probably take a few days.

Sites That Are Vulnerable to FREAK

The list of sites that are vulnerable to this bug is endless. Even sites that are on HTTPS are not secure from this bug. The list ranges from retail to government, with lots of things in between. Some of the highest-traffic domains that are affected include Business Insider, American Express, Groupon, Bloomberg, NPR, Kohl's, and MIT. A number of very high-profile government sites were also affected, including the NSA, the FBI, and the White House's sites, as well as the site (USA-Jobs) that all applicants for any federal job must use.

Recommended Steps 

Update with all patches when available

Microsoft, Apple, and Google will all be releasing patches within the next few days, so it’s critical to update your system when those patches are available.

Use Firefox to browse securely 

Until patches are available for the above affected browsers, you may want to use Firefox on iOS, Android, and Mac OS to securely browse the web and connect to your online accounts.

Replace vulnerable passwords 

Though it’s unlikely that you were attacked, as devices and websites are patched it may be a good time to change the passwords to any accounts accessed on any of your devices shown to be vulnerable. You can also use the LastPass Security Challenge to review the strength of your passwords. Our Auto-Password Change feature will also help you replace passwords automatically. It’s important to use a different, strong password on every website, so that a password stolen from one website can’t be used to log in to any of your other accounts.

Ehacking Staff