Secure connection vulnerability - Another good reason to use Firefox

  • Secure connection vulnerability - Another good reason to use Firefox

    Many of the top browsers are vulnerable, including IE. Firefox is not vulnerable to this exploit.

    Almost 10% of the one million top domain names are vulnerable.

    Media articles on the vulnerability: ‘FREAK’ flaw undermines security for Apple and Google users, researchers discover - The Washington Post

    BBC News - Millions at risk from 'Freak' encryption bug

    Test your browser and links to more technical information: https://freakattack.com/


    Java "Once again hurray for Firefox!" phile
    Toys! I must have new toys!!!

  • #2
    Oh deary me, out of the "top susceptible sites" this one stuck out:

    4339 nespresso.com 91.209.84.237



    • #3
      The sys admins there need to gulp down two espresso pods of intensity 11 and get back and upgrade their SSL :-)



      • #4
        Had a look at that list. Most of those sites I'd never be visiting except for: nsw.gov.au and telstra

        telstra.com.au
        TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 (0x60) 56 INSECURE (key size )
        TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x62) 56 INSECURE (key size )
        TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x64) 56 INSECURE (key size )
        They also support the use of weak 128 bit RSA4 keys so should disable that as well.

        But there is worse to come. nsw.gov.au support a 40 bit! RSA EXPORT protocol AND they are still vulnerable to the Poodle attack AND they have a Verisign certificate that expired more than 500 days ago!
        Reference: https://sslanalyzer.comodoca.com/?url=nsw.gov.au

        Edit: optusnet.com.au just as bad

        However, remember that if a site is just serving up http pages and is not using https (e.g. if they don't have any sites needing logins) then running an out-of-date or low bit SSL doesn't necessarily make the site or its clients insecure. It's only if you use a secure login and there is a man-in-the-middle.

        Mike

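The check post #4 does by eye, as an added example that is not part of the original thread: a Python filter over scanner rows in the format quoted in that post, flagging the suites a server should disable from the suite name and key size rather than from the scanner's verdict column. The rule set, the 128-bit threshold, the function names and the last two sample rows are assumptions of this example.

```python
import re

# One scanner row: suite name, hex id, effective key bits (verdict text is ignored).
ROW = re.compile(r"^\s*(TLS_[A-Z0-9_]+)\s+\((0x[0-9a-fA-F]+)\)\s+(\d+)\b")

# Name fragments that mark a suite for removal (assumed rule set for this example).
RULES = [
    (re.compile(r"_EXPORT"), "export-grade suite"),
    (re.compile(r"_RC4_"), "RC4 stream cipher"),
    (re.compile(r"_WITH_DES(40)?_CBC"), "single DES"),  # does not match 3DES_EDE
    (re.compile(r"_MD5$"), "MD5 MAC"),
]
MIN_BITS = 128  # assumed policy threshold

# First three suite rows are quoted from post #4; the last two are constructed.
SAMPLE = """\
telstra.com.au
TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 (0x60) 56 INSECURE (key size )
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x62) 56 INSECURE (key size )
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x64) 56 INSECURE (key size )
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
"""

def parse_rows(report):
    """Return (name, suite_id, bits) for every line that looks like a suite row."""
    matches = (ROW.match(line) for line in report.splitlines())
    return [(m.group(1), int(m.group(2), 16), int(m.group(3))) for m in matches if m]

def findings(name, bits):
    """List the reasons a suite should be disabled; an empty list means keep it."""
    reasons = [why for pattern, why in RULES if pattern.search(name)]
    if bits < MIN_BITS:
        reasons.append(f"{bits}-bit effective key")
    return reasons

def audit(report):
    """Map each flagged suite name to its reasons, skipping suites with none."""
    flagged = {}
    for name, _suite_id, bits in parse_rows(report):
        reasons = findings(name, bits)
        if reasons:
            flagged[name] = reasons
    return flagged

if __name__ == "__main__":
    for suite, reasons in audit(SAMPLE).items():
        print(f"DISABLE {suite}: {', '.join(reasons)}")
```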


        • #5
          Originally posted by Javaphile
          Many of the top browsers are vulnerable, including IE. Firefox is not vulnerable to this exploit.
          From https://freakattack.com/

          Chrome for Windows and all versions of Firefox are known to be safe



          • #6
            ... and I just tested lynx and wget on Linux and they are vulnerable :-)
            I have no idea why they were not listed with the other major browsers :-)

            wget https://freakattack.com/clienttest.html
            lynx https://freakattack.com/clienttest.html

            Mike
