Buying online? Check your browser security for the 'Freak exploit'

[defdock]

google chrome: version 40.0.2214.115

"SSL connection error"

 

[retired1]

Gawd. There are times I really hate the media and "non-tech" writers trying to write about tech related issues. The underlying issue goes beyond "server patches" and is related to the non-export laws and how cipher security was required to be implemented in years past. It's now coming home to roost, and the ultimate fix goes far beyond a simple "server patch".

It's not THAT serious of a flaw (Heartbleed and Shellshock were far more serious). But you'd think the sky was falling according to most media outlets.

For a more balanced read, check this out.

Here's exactly why FREAK is such a dangerous exploit | ITProPortal.com

 

[qorax]

Apple is supposedly pushing a fix sometime next week. Until then, NO SHOPPING FOR YOU!

LOL Been purchasing online since yrs now with Safari/Mac ~ and had been hit only once till date ~ and that was only while vape shopping

 

[newyork13]

It's the only thing I have. Everything is Mac here, eight of them, since 2007. So what should I do?

Q, maybe I've misunderstood, but why don't you just use Firefox or the latest Chrome, neither of which seems vulnerable.

 

[mightymen]

flaw in Android and Apple devices cripples HTTPS crypto protection

Security experts have discovered a potentially catastrophic flaw that for more than a decade has made it possible for attackers to decrypt HTTPS-protected traffic passing between Android or Apple devices and hundreds of thousands or millions of websites, including AmericanExpress.com, Bloomberg.com, NSA.gov, and FBI.gov.

In recent days, a scan of more than 14 million websites that support the secure sockets layer or transport layer security protocols found that more than 36 percent of them were vulnerable to the decryption attacks. The exploit takes about seven hours to carry out and costs as little as $100 per site.
“FREAK” flaw in Android and Apple devices cripples HTTPS crypto protection | Ars Technica

 

[mightymen]

It's the only thing I have. Everything is Mac here, eight of them, since 2007. So what should I do?

Green said that Google is in the process of delivering a version of Chrome for Macs that is immune to the attack, so Mac users should look out for that, as well.

“FREAK” flaw in Android and Apple devices cripples HTTPS crypto protection | Ars Technica