Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 08, 2016, 12:05:50 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Microsoft reveals Windows vulnerable to FREAK SSL flaw  (Read 974 times)

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Microsoft reveals Windows vulnerable to FREAK SSL flaw
« on: March 07, 2015, 02:05:30 AM »
Another security issue.

http://www.zdnet.com...e-to-freak-ssl-flaw/

Quote
The FREAK security bug that allows attackers to conduct man-in-the-middle attacks on Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections encrypted using an outmoded cipher has claimed another victim. This time, it is Microsoft's Secure Channel stack.

"Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows," the company said in a security advisory. "The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems."

Although Microsoft Research was part of the team to uncover FREAK alongside European cryptographers, Redmond chose not to reveal Windows as vulnerable until today.

More at the link.

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,296
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
Re: Microsoft reveals Windows vulnerable to FREAK SSL flaw
« Reply #1 on: March 07, 2015, 06:26:04 AM »
In other news, it appears that if one was staying up-to-date on any of the other myriad of SSL flaws over the past several years, then you're safe from this on too...when using IE.

This is the same bugg I mentioned in passing here. I did the testing on it then, and all systems passed. I just did the testing at the ZDNet links...and all systems still passed (with IE11).

Since this thing was apparently gestated back in the 90s, shouldn't they be calling it the asleep-at-the-wheel bugg..?

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Microsoft reveals Windows vulnerable to FREAK SSL flaw
« Reply #2 on: March 07, 2015, 07:28:25 AM »
In other news, it appears that if one was staying up-to-date on any of the other myriad of SSL flaws over the past several years, then you're safe from this on too...when using IE.

Well, that's some good news.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker