Warning - Freak vulnerability on ecommerce

Status
Not open for further replies.

DavidOck

Thanks for the heads up!

FF36.01 here on Win 7.1 - and came in vulnerable! Reading the freakcheck site, disabled Avast webshield and passed.

Looked into the latest program (not definition) version update of Avast, and was due for an update. Updated Avast to latest program version and all's good with its web shield running.

While they state Firefox is not vulnerable, it pays to check. Your AV program may "intercept" the https calls, and if it's vulnerable an impervious browser won't help!
 

retired1

My Android phone showed vulnerable. I use the default Android browser, not sure if it can be patched as I've never seen an update for it. I'll search for what I can do, but if someone already knows I'd appreciate it!

If you can install the latest version of Chrome, you should be OK.
 

retired1

Bear in mind, this affects ANY https connection. Whether it be with your email account, shopping cart, etc. Any secure communication using https is affected by this bug.

It's unknown whether Google will address the default browser issue on Android. And if your phone is locked into a provider, you're also at their mercy as to when they'll push a patch. If Chrome isn't to your liking, I do believe Firefox makes a "droid" version as well.
 

Jerms

Bear in mind, this affects ANY https connection. Whether it be with your email account, shopping cart, etc. Any secure communication using https is affected by this bug.

It's unknown whether Google will address the default browser issue on Android. And if your phone is locked into a provider, you're also at their mercy as to when they'll push a patch. If Chrome isn't to your liking, I do believe Firefox makes a "droid" version as well.

Thanks, good to know. Seems the best idea will be to use a different browser altogether. I can check my default browser periodically with that link to see if it's patched.
 

fractalsauce

Thanks for the heads up!

FF36.01 here on Win 7.1 - and came in vulnerable! Reading the freakcheck site, disabled Avast webshield and passed.

Looked into the latest program (not definition) version update of Avast, and was due for an update. Updated Avast to latest program version and all's good with its web shield running.

While they state Firefox is not vulnerable, it pays to check. Your AV program may "intercept" the https calls, and if it's vulnerable an impervious browser won't help!

Thanks for the heads up! I too have FF and Avast, and initially the test failed. Once I turned the web shield off, I passed. Just updated Avast, but a reboot is required. Let's see if I can turn the Web Shield back on after reboot...

EDIT: It works! I mean doesn't! I mean the page doesn't load so I'm safe! Yay!
 

X6X8

A security warning for ecommerce purchases has been published Friday March 7th.

Some browsers have an HTTPS encryption vulnerability that can lead to your data being stolen by the web traffic being intercepted and the code easily cracked.

Check to see if your browser passes the exploit test below.


More info - see:
BBC News - Millions at risk from 'Freak' encryption bug

Browser / OS details:
https://freakattack.com

Exploit test:
https://cve.freakattack.com

If the page loads correctly then your browser / OS has an exploit. Reports are it says 'Vulnerable'.
If the page does not load you're OK.
It affects communications made on HTTPS - this usually means purchases via ecommerce. There is no issue with regular traffic. It just means encrypted traffic isn't properly protected. In theory this means card details could be stolen by intercepting the traffic between your device and the server.


Firefox can fail
Looks as if Firefox can fail in cases where an antivirus has a proxy that is vulnerable. Avast Web Shield is reported to cause a fail. If you have Firefox but get a fail - the page loads and says VULNERABLE - then maybe you have a faulty a/v. No doubt it will be patched soon. With Avast, open it then turn off the Web Shield.

Thank you SO much. Running Firefox and Avast. Tested Vulnerable. Closed Avast web shield. Passed the test. Updated Avast. Turned web shield on. Re-ran test. Passed!! Updated Firefox just to be sure. Re-ran test again. Passed!

Like many of you probably do, I purchase online daily. I'm so glad I saw this thread. Thanks again Roly!
 