Warning - Freak vulnerability on ecommerce

[rolygate]

A security warning for ecommerce purchases has been published Friday March 7th.

Some browsers have an HTTPS encryption vulnerability that can lead to your data being stolen by the web traffic being intercepted and the code easily cracked.

Check to see if your browser passes the exploit test below.


More info - see:
BBC News - Millions at risk from 'Freak' encryption bug

Browser / OS details:
https://freakattack.com

Exploit test:
https://cve.freakattack.com

If the page loads correctly then your browser / OS has an exploit. Reports are it says 'Vulnerable'.
If the page does not load you're OK.
It affects communications made on HTTPS - this usually means purchases via ecommerce. There is no issue with regular traffic. It just means encrypted traffic isn't properly protected. In theory this means card details could be stolen by intercepting the traffic between your device and the server.


Firefox can fail
Looks as if Firefox can fail in cases where an antivirus has a proxy that is vulnerable. Avast Web Shield is reported to cause a fail. If you have Firefox but get a fail - the page loads and says VULNERABLE - then maybe you have a faulty a/v. No doubt it will be patched soon. With Avast, open it then turn off the Web Shield.

 

[Nermal]

Not sure what 'loads correctly' means. Mine loaded with the word 'vulnerable' on an otherwise blank page. Does that mean vulnerable? Sounds like a silly question, I'm sure.

 

[Rickajho]

My ancient version of FireFox ain't having it:

Secure Connection Failed


An error occurred during a connection to cve.freakattack.com.

SSL received an unexpected Server Key Exchange handshake message.

(Error code: ssl_error_rx_unexpected_server_key_exch)

 

[Rickajho]

Not sure what 'loads correctly' means. Mine loaded with the word 'vulnerable' on an otherwise blank page. Does that mean vulnerable? Sounds like a silly question, I'm sure.

No silly questions, especially about this topic.

I think that's a bad you got there. Roly? Any input?

 

[rolygate]

@Nermal
Looks like your browser / OS combo is vulnerable - if it connects OK then it can be exploited.

Take a look at the browser / OS details page and see if there is a patch. Unless you have IE it will be patched fast, maybe it already has a fix. What do you have there?

Just means buying online is risky until you get it fixed.


@Rickajho
Looks like yours is OK, it won't accept the weak connection.

Apparently all Firefox versions / OS combinations are safe anyway.



My Ffx or Opera won't load the page so are OK apparently.

Some Chrome and Safari versions are vulnerable. Safari on Windows is no longer safe to use anyway, it's not supported any more.

 

[Technonut]

Thanks for the heads-up.... Page can't be displayed on my end.. Good to go.

 

[Nermal]

Thanks, Roly. I guess I'm looking at foxfire before I do any more shopping.

 

[Rickb119]

Mine passed.......by failing.

 

[smokinGAVIN]

Not sure what 'loads correctly' means. Mine loaded with the word 'vulnerable' on an otherwise blank page. Does that mean vulnerable? Sounds like a silly question, I'm sure.

I have the latest version of safari and mine did that too.

 

[LittleBird]

I have the latest version of safari and mine did that too.

Mine, too. Apple is supposed to be releasing a patch, this coming week.

 

[PaulBHC]

Firefox 36 on Ubuntu linux here and failed with warning.

I had a problem ordering from a normal vendor a couple of weeks ago because I got a warning that the certificate had expired. A few days later the vendor posted on facebook that they had fixed it and I was able to order then.

 

[Sgt. Pepper]

thanks, roly. I'm vulnerable. Using windows 7 with IE. I guess I will switch over to FF, or wait for the fix from MS and not purchase anything until then.

 

[Katmar]

Thanks, Roly....very helpful. Good to know I am good to go!!!!!

 

[oplholik]

Windows 8.1, IE, Vunerable. guess I'll wait for the fix, hope it's not too much longer.

 

[justincase]

The fastest fix for IE users is STOP USING IE!......

I'm all good to go too.
Using latest FF on Windows 8.1

 

[Marc411]

Thanks Roly!

 

[DaveP]

I'm on my new laptop with Win 8.1 and up to date updates. I set up Firefox 36.0 (my favorite) yesterday. The exploit link errors and the browser check says I'm secure.

Good News! Your browser appears to be safe from the FREAK attack.

 

[rowsley]

Mine says vulnerable. Running android 4.4.2 using google chrome....

 

[Niten13]

Passed here as well! Did not load, also gave me a frowny face! ahah

Thank Rolygate!

 

[r77r7r]

Good to go! FF36-win7