The costs of running this huge site are paid for by ads. Please consider registering and becoming a Supporting Member for an ad-free experience. Thanks, ECF team.

Warning - Freak vulnerability on ecommerce

Discussion in 'Computer Security' started by rolygate, Mar 7, 2015.

Thread Status:
Not open for further replies.
Image has been removed.
URL has been removed.
Email address has been removed.
Media has been removed.
  1. rolygate

    rolygate Forum Manager Admin Verified Member ECF Veteran

    Supporting member
    Sep 24, 2009
    ECF Towers
    A security warning for ecommerce purchases has been published Friday March 7th.

    Some browsers have an HTTPS encryption vulnerability that can lead to your data being stolen by the web traffic being intercepted and the code easily cracked.

    Check to see if your browser passes the exploit test below.


    More info - see:
    BBC News - Millions at risk from 'Freak' encryption bug

    Browser / OS details:
    https://freakattack.com

    Exploit test:
    https://cve.freakattack.com

    If the page loads correctly then your browser / OS has an exploit. Reports are it says 'Vulnerable'.
    If the page does not load you're OK.
    It affects communications made on HTTPS - this usually means purchases via ecommerce. There is no issue with regular traffic. It just means encrypted traffic isn't properly protected. In theory this means card details could be stolen by intercepting the traffic between your device and the server.


    Firefox can fail
    Looks as if Firefox can fail in cases where an antivirus has a proxy that is vulnerable. Avast Web Shield is reported to cause a fail. If you have Firefox but get a fail - the page loads and says VULNERABLE - then maybe you have a faulty a/v. No doubt it will be patched soon. With Avast, open it then turn off the Web Shield.
     
  2. Nermal

    Nermal Ultra Member ECF Veteran

    Jun 8, 2013
    Farmington, NM USA
    Not sure what 'loads correctly' means. Mine loaded with the word 'vulnerable' on an otherwise blank page. Does that mean vulnerable? Sounds like a silly question, I'm sure.
     
  3. Rickajho

    Rickajho ECF Guru Verified Member ECF Veteran

    Apr 23, 2011
    Boston MA
    My ancient version of FireFox ain't having it:


    :D
     
    • Like Like x 1
  4. Rickajho

    Rickajho ECF Guru Verified Member ECF Veteran

    Apr 23, 2011
    Boston MA
    No silly questions, especially about this topic.

    I think that's a bad you got there. Roly? Any input?
     
  5. rolygate

    rolygate Forum Manager Admin Verified Member ECF Veteran

    Supporting member
    Sep 24, 2009
    ECF Towers
    @Nermal
    Looks like your browser / OS combo is vulnerable - if it connects OK then it can be exploited.

    Take a look at the browser / OS details page and see if there is a patch. Unless you have IE it will be patched fast, maybe it already has a fix. What do you have there?

    Just means buying online is risky until you get it fixed.


    @Rickajho
    Looks like yours is OK, it won't accept the weak connection.

    Apparently all Firefox versions / OS combinations are safe anyway.



    My Ffx or Opera won't load the page so are OK apparently.

    Some Chrome and Safari versions are vulnerable. Safari on Windows is no longer safe to use anyway, it's not supported any more.
     
  6. Technonut

    Technonut
    Moderator
    Verified Member ECF Veteran

    Supporting member
    Oct 11, 2010
    East Coast, USA
    Thanks for the heads-up.... :) Page can't be displayed on my end.. Good to go. ;)
     
  7. Nermal

    Nermal Ultra Member ECF Veteran

    Jun 8, 2013
    Farmington, NM USA
    Thanks, Roly. I guess I'm looking at foxfire before I do any more shopping.
     
  8. Rickb119

    Rickb119 Ultra Member ECF Veteran

    Jul 20, 2013
    Greeley, CO, USA
    Mine passed.......by failing. :)
     
  9. smokinGAVIN

    smokinGAVIN Super Member ECF Veteran

    Sep 2, 2014
    Manila, Philippines
    I have the latest version of safari and mine did that too.
     
  10. LittleBird

    LittleBird Vaping Master Verified Member ECF Veteran

    Dec 7, 2014
    East Coast, USA
    Mine, too. Apple is supposed to be releasing a patch, this coming week.
     
  11. PaulBHC

    PaulBHC Vaping Master ECF Veteran

    Jan 22, 2014
    Arizona
    Firefox 36 on Ubuntu linux here and failed with warning.

    I had a problem ordering from a normal vendor a couple of weeks ago because I got a warning that the certificate had expired. A few days later the vendor posted on facebook that they had fixed it and I was able to order then.
     
  12. Sgt. Pepper

    Sgt. Pepper Vaping Master Verified Member ECF Veteran

    thanks, roly. I'm vulnerable. Using windows 7 with IE. I guess I will switch over to FF, or wait for the fix from MS and not purchase anything until then.:)
     
  13. Katmar

    Katmar Vaping Master ECF Veteran

    Sep 19, 2009
    Pittsburgh, Pa
    Thanks, Roly....very helpful. Good to know I am good to go!!!!!
     
  14. oplholik

    oplholik ECF Guru Verified Member ECF Veteran

    Windows 8.1, IE, Vunerable. guess I'll wait for the fix, hope it's not too much longer.
     
  15. justincase

    justincase Im A Hole Verified Member ECF Veteran

    The fastest fix for IE users is STOP USING IE!......:lol:

    I'm all good to go too.
    Using latest FF on Windows 8.1
     
  16. Marc411

    Marc411 Vaping Master Verified Member ECF Veteran

    Supporting member
    Mar 17, 2014
    Windy City
  17. DaveP

    DaveP PV Master & Musician ECF Veteran

    Supporting member
    May 22, 2010
    Central GA
    I'm on my new laptop with Win 8.1 and up to date updates. I set up Firefox 36.0 (my favorite) yesterday. The exploit link errors and the browser check says I'm secure.

     
  18. rowsley

    rowsley Ultra Member

    Jan 26, 2015
    Celina, Ohio
    Mine says vulnerable. Running android 4.4.2 using google chrome....
     
  19. Niten13

    Niten13 Super Member Verified Member

    Nov 18, 2014
    Tigard, OR, USA
    Passed here as well! Did not load, also gave me a frowny face! ahah

    Thank Rolygate!
     
  20. r77r7r

    r77r7r ECF Guru ECF Veteran

    Feb 15, 2011
    Pa,LandOfTaxes
    Good to go! FF36-win7
     
Thread Status:
Not open for further replies.

Share This Page