Windows PCs Not Immune To ‘FREAK’ Attacks


It was reported recently that Apple’s and Google’s browsers are vulnerable to the so-called “FREAK” hacking attack and that Windows PCs aren’t. However, it turns out that they actually are, according to a report from Lucian Constantin of PC World.


Microsoft warns of FREAK vulnerability

On Thursday, Microsoft warned Windows PC users that many PCs are vulnerable to the so-called “FREAK” (factoring attack on RSA-EXPORT keys) hole. That vulnerability was the result of a decades-old government policy that required the strength of RSA encryption keys to be limited in some implementations of SSL.


Hackers who take advantage of the vulnerability can force servers and clients to negotiate weak encryption, which makes the encrypted connection easier to break. Even though the government policy requiring a limit on encryption is no longer in effect, many servers still support the weak cipher suites. As a result, some SSL/TLS clients can be forced to accept them, according to Constantin.

Microsoft offers workaround

In its warning, Microsoft said Secure Channel, which is a crypto library that all supported Windows versions have, is also unprotected against the FREAK flaw. This means that, contrary to previous reports, Internet Explorer and any other programs that use Secure Channel are vulnerable.

The company offered a workaround for those who are able to implement it. IT administrators can disable the RSA key exchange ciphers through the Group Policy Object Editor. The problem with this workaround, however, is that some servers might refuse connections from these PCs. Also, the workaround can’t be used on Windows Server 2003, which is vulnerable.
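The sketch below is an added example, not code from Microsoft or from the article. It shows how an administrator could work out which entries to drop from a comma-separated cipher suite order string before applying the workaround. It assumes IANA-style suite names (`TLS_<key exchange>_WITH_<cipher>`), and the sample list is constructed for illustration.

```python
# Added example: strip RSA key exchange suites from a cipher suite order string.
# Assumption: suites use IANA-style names (TLS_<key exchange>_WITH_<cipher>).

# Constructed sample list, not copied from Microsoft's advisory.
SAMPLE_ORDER = ",".join([
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    "SSL_CK_RC4_128_WITH_MD5",
    "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
])


def classify(suite):
    """Return 'export', 'rsa_kx', 'keep' or 'unknown' for one suite name."""
    name = suite.strip().upper()
    if not name.startswith("TLS_") or "_WITH_" not in name:
        return "unknown"  # e.g. SSL 2.0 style names; fail closed
    kx = name[len("TLS_"):].split("_WITH_", 1)[0]
    if "EXPORT" in kx:
        return "export"   # export-grade keys, the suites FREAK downgrades to
    if kx in ("RSA", "RSA_PSK"):
        return "rsa_kx"   # RSA key exchange, what the workaround disables
    return "keep"         # (EC)DHE and other key exchanges


def filter_order(order):
    """Split an order string into (new_order, removed), where removed maps
    each dropped suite to the reason it was dropped."""
    kept, removed = [], {}
    for suite in (s.strip() for s in order.split(",")):
        if not suite:
            continue
        verdict = classify(suite)
        if verdict == "keep":
            kept.append(suite)
        else:
            removed[suite] = verdict
    return ",".join(kept), removed


if __name__ == "__main__":
    new_order, removed = filter_order(SAMPLE_ORDER)
    print("New order:", new_order)
    for suite, why in removed.items():
        print(f"dropped {suite}: {why}")
```

Any server that offers only suites in the `rsa_kx` group will be unable to agree on a cipher with a client configured this way, which is the refused-connection side effect described above.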

Check if your PC is open to FREAK

Constantin suggests PC users visit the University of Michigan’s website to see if their browser is open to the FREAK flaw. The website also gives a list of the HTTPS websites that are open to attack through the FREAK hole.

In addition, the site includes details about what Google, Apple, Microsoft and other companies are doing to close the vulnerability in their products. Google has already pushed out a patch for Chrome on Mac, while Apple isn’t expected to roll out a patch for Safari until next week.


Michelle Jones is editor-in-chief for ValueWalk.com and has been with the site since 2012. Previously, she was a television news producer for eight years. She produced the morning news programs for the NBC affiliates in Evansville, Indiana and Huntsville, Alabama and spent a short time at the CBS affiliate in Huntsville. She has experience as a writer and public relations expert for a wide variety of businesses. Email her at Mjones@wordpress-785388-2679526.cloudwaysapps.com.