Mar 04, 2015

How to protect against FREAK TLS/SSL vulnerability?

Another week, another SSL bug. The latest is creatively named FREAK. What needs to be done to protect against this vulnerability?
It’s pretty easy: use Internet Explorer, Firefox or Chrome.

According to the Sophos security blog, FREAK “...only works if you end up with a TLS connection secured with an export grade RSA key.
As far as we know, the trick doesn't work against the TLS implementations used by Microsoft, Google and Mozilla.
So users of Internet Explorer, Chromium/Chrome and Firefox are OK.

Browsers that use OpenSSL are at risk, which includes Android's now-disowned "Browser" browser, and therefore probably Samsung's derived browser known as "Internet."
Likewise, Apple's own implementation of TLS, called Secure Transport, puts OS X software that uses it at risk, including Safari.

In the short term, if you are worried, try using an alternative browser. (But make sure you know how to configure it to your usual privacy standards, and how to keep it updated!)
If you are using Safari, you can also check the strength of the encryption in use after connecting to a site, but before sharing any personal data with it.”
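The quoted advice to check the strength of the encryption after connecting can be scripted. The following is an added example, not code from the original post or from Sophos: it reads the negotiated cipher suite with Python's `ssl` module and flags export-grade suites by name. The function names, the `MIN_BITS` threshold and the sample tuples are assumptions made for illustration.

```python
import re
import socket
import ssl

MIN_BITS = 128  # assumed policy threshold for "strong enough", not from the post

def classify_suite(name):
    """Return 'rsa-export', 'other-export' or 'ok' for a cipher suite name."""
    n = name.upper()
    if n.startswith(("TLS_", "SSL_")):            # IANA-style name
        if "_EXPORT" not in n:
            return "ok"
        return "rsa-export" if re.match(r"(TLS|SSL)_RSA_EXPORT", n) else "other-export"
    if not n.startswith("EXP"):                   # OpenSSL-style name
        return "ok"
    # OpenSSL names the key exchange right after EXP-; plain RSA has no prefix.
    rest = re.sub(r"^EXP(1024)?-", "", n)
    other = ("EDH-", "DHE-", "ADH-", "DH-", "KRB5-")
    return "other-export" if rest.startswith(other) else "rsa-export"

def verdict(cipher):
    """Judge a (name, protocol, secret_bits) tuple as returned by SSLSocket.cipher()."""
    name, proto, bits = cipher
    kind = classify_suite(name)
    if kind != "ok":
        return f"WEAK: {name} is export-grade ({kind})"
    if bits is not None and bits < MIN_BITS:
        return f"WEAK: {name} uses only {bits} secret bits"
    return f"ok: {name} ({proto}, {bits} bits)"

def negotiated_suite(host, port=443, timeout=5.0):
    """Connect to host and return the cipher tuple this client negotiated."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.cipher()

if __name__ == "__main__":
    # Constructed sample tuples so the check runs offline.
    samples = [
        ("EXP-RC4-MD5", "SSLv3", 40),
        ("DES-CBC-SHA", "TLSv1", 56),
        ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128),
    ]
    for sample in samples:
        print(verdict(sample))
```

For a live check, pass the result of `negotiated_suite("your.host.example")` to `verdict()`; the result reflects what this Python client and its TLS library negotiate, not what a browser on the same machine would.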