So what does the A stand for?
FREAKing hell: ALL Windows versions vulnerable to SSL snoop
Microsoft has confirmed that its implementation of SSL/TLS in all versions of Windows is vulnerable to the FREAK encryption-downgrade attack. This means if you're using the company's Windows operating system, an attacker on your network can potentially force Internet Explorer and other software using the Windows Secure Channel …
COMMENTS
-
Friday 6th March 2015 12:15 GMT oddie
Re: @Bob Vistakin
Current list of browsers affected, for those who don't like to read sources :)
- Internet Explorer: Security advisory
- Chrome on Mac OS: Patch available now
- Chrome on Android
- Safari on Mac OS: Patch expected next week
- Safari on iOS: Patch expected next week
- Stock Android Browser
- Blackberry Browser
- Opera on Mac OS
- Opera on Linux
Up to date as per 2015-03-05.
-
Saturday 7th March 2015 06:17 GMT big_D
Re: Bork IE<9
What exactly is the degradation of security here? I skimmed the articles, but didn't find anything definitive.
My IE is set to only use TLS 1.1 and TLS 1.2, TLS 1.0 and SSL 2.0 are disabled. It also forces a check of the certificates.
The Freakattack site says that it is still vulnerable, is that because it just checks for IE 11, or because even with these settings (AFAIK TLS 1.1 is still secure) IE 11 is vulnerable and can be forced to use a weaker protocol?
Aha, seems if they can force RSA mode, they can bypass the generating of new session keys and some messages are skipped, even though they theoretically can't be skipped (www.smacktls.com).
The good news is, I generally use Firefox for anything secure.
-
Sunday 8th March 2015 16:00 GMT Daniel B.
Re: Bork IE<9
The Freakattack site says that it is still vulnerable, is that because it just checks for IE 11, or because even with these settings (AFAIK TLS 1.1 is still secure) IE 11 is vulnerable and can be forced to use a weaker protocol?
Yes, unfortunately TLS 1.x doesn't mean that EXPORT ciphers are disabled at all. I've tested a couple of sites, and TLS still can negotiate EXP-RC4-MD5, which makes cryptographers' eyes bleed. The problem is that EXPORT should have been removed from the default set of ciphers at least a decade ago.
-
Friday 6th March 2015 05:18 GMT david 12
>BTW, why is Firefox the only major browser not affected?
Since "version 33", Firefox has had no support for 512bit keys. This makes FF unsuitable for a small number of specialised web sites, particularly from embedded devices, but also (and this is the reason it was done) makes it impossible to connect to anything using a 512 bit key.
-
Friday 6th March 2015 09:15 GMT streaky
Re: >BTW, why is Firefox the only major browser not affected?
This makes FF unsuitable for a small number of specialised web sites
There's no *reasonably* modern crypto stack (written within like the last 15 years) that requires that these cipher suites are used. Servers don't need to support them, the end. No ifs, no buts as DC would say.
-
Saturday 7th March 2015 00:13 GMT Anonymous Coward
Absolutely - it's high time they cleaned out all the legacy code they licensed from UNIX that keeps having these holes in...
So you'll be doing away with the convenience of directories ("folders" for you post-Win95 folk)?
You'll be doing away with the BSD-inspired TCP/IP stack?
In fact, bring it on. Getting rid of TCP/IP in Windows will mean no more Windows on the Internet and probably a vast reduction in the amount of crap we non-Windows have had to endure ever since you folk got here!
And don't get me started on supposed rewrites, if I had a dollar for every time ${WINDOWS_RELEASE} was a ground-up rewrite I'd be able to buy Microsoft several times over by now.
-
Friday 6th March 2015 10:33 GMT mark jacobs
Re: A different Freak?
Opera 27.0.1689.76 is NOT vulnerable under Windows 8.1 64-bit Pro.
IE11 IS vulnerable under Windows 8.1 64-bit Pro.
** WARNING **, it is still not safe to do your banking using IE, unless you are banking with one of the very few banks that have enforced the more modern ciphers on their servers.
-
Friday 6th March 2015 01:34 GMT diodesign
Re: A different Freak?
Internet Explorer in the Windows 10 Preview and Windows 8.1 was/is flagged up as vulnerable on freakattack.com. It is the same problem. Microsoft warns:
"Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems."
C.
-
Friday 6th March 2015 01:58 GMT Michael B.
Re: A different Freak?
Thanks for that. The website freakattack.com now says "(An earlier version of our test gave incorrect results for IE; IE is indeed vulnerable.)" Which goes to explain why I thought IE was not vulnerable earlier in the week.
On a different note it seems that with the updated website Windows Phone is now being marked as vulnerable.
-
Friday 6th March 2015 15:20 GMT cambsukguy
Re: A different Freak?
I just went to the web site and it said "Whoops, your browser might be incompatible with our test..."
Which is weird because IE 11 ought to be testable really.
So I went to the link which said "If this page loads successfully, you are vulnerable" (cve).
It didn't, I presume that I am not then.
Also, my (Denim) Windows Phone did the same thing exactly.
Have they patched it already? magically? or is the cve test site less than useful?
-
Friday 6th March 2015 02:04 GMT Howard Hanek
Windows
Medically I would equate the Windows Operating system to a patient suffering the symptoms of advanced syphilis such as severe neurological damage, dementia and running sores. Should we just make out living wills and expect that the wealth of developed nations will suddenly enrich a new criminal class?
-
Friday 6th March 2015 09:55 GMT serendipity
Re: Windows
Howard you are obviously a being with mighty knowledge. You have convinced me that I need to move off Windows. Oh great one, can you recommend an OS that has no security vulnerabilities? I guess that will be the one you use. So please speaketh its name so that we can all come into the light and hail this mighty OS ;-)
-
Friday 6th March 2015 11:40 GMT ThomH
This article is about a security issue affecting web browsers. The linked article contains the text "When it comes to applications, it is little wonder that web browsers topped the list, with Microsoft's Internet Explorer up at the top with a total of 242 reported vulnerabilities".
I would therefore not recommend it for the purpose advocated.
-
Wednesday 11th March 2015 12:13 GMT Anonymous Coward
"Microsoft's Internet Explorer up at the top with a total of 242 reported vulnerabilities".
They are multi counting the same vulnerabilities across different IE versions, but not doing so with Chrome. In terms of unique vulnerabilities, Chrome has had ~ twice as many as IE in the last year.
-
Friday 6th March 2015 18:47 GMT Michael Wojcik
6 downvotes and no reply? That's a bit harsh for what seems like a valid question.
No. First, it's not an attack on "websites" at all (unlike, say, XSS vulnerabilities, or web-based SQL injection, etc). FREAK is an attack on SSL/TLS implementations. Probably most SSL/TLS traffic is HTTP (certainly most of what typical users see is), but it's not exclusive to websites.
FREAK involves convincing the client and server to select a weak asymmetric key during negotiation. It makes use of the old "export-grade" suites, which were mandated by the US government until it finally caved under pressure from business interests.
The OpenSSL version of FREAK - the first one that was reported - works something like this:
- Client: Hey, I can use any of these cipher suites, including some RSA ones. (Whether the client says it can use the export suites is irrelevant in this case.)
- Attacker intercepts this message and changes it to "Hey, I can only use the RSA export suites, so give me a short RSA key".
- Server: OK, here's your crummy RSA key.
- Client: Sure, I'll use that, even if I was expecting a decently strong RSA key.
- Client and server then generate a strong session key, but it's exchanged under the weak RSA key, so the attacker can break that and extract the session key.
We don't seem to have public details on the SChannel version of the attack, but it may affect both client- and server-side SChannel. Or it may only affect the server side, in which case this variant of FREAK is only an issue for Windows-hosted services (whether those are websites or whatever). But the OpenSSL version would still potentially be a problem for servers running on other OSes.
There's also the recently-announced Skip-TLS attack, which involves broken implementations of the TLS state machine. That one produced a fairly minor vulnerability in OpenSSL (servers that authenticate clients using certificates and allow a certain rare type of certificate could be vulnerable to client impersonation). Unfortunately, it completely breaks the JSSE implementation of TLS. All versions of Java have been vulnerable to it for years. Oracle fixed it with a critical update (for Java 5 through 8) in January.
Other implementations are apparently vulnerable to Skip-TLS. Per the linked document, CyaSSL fixed it a while back and "other disclosures are pending". More TLS fun to come!
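The client-side step in the walk-through above ("Sure, I'll use that") is where the check is missing. The following is an added example, not part of the original comment and not OpenSSL or SChannel code: it models the server's flight as the client sees it and compares a lenient client with a strict one. `ServerFlight`, `lenient_client`, `strict_client` and the 2048-bit floor are hypothetical names and assumptions; the sample flights are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# IANA code points for a few RSA key-exchange suites (subset for illustration).
SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}

def is_export(suite: int) -> bool:
    return "_EXPORT_" in SUITES.get(suite, "")

@dataclass
class ServerFlight:
    """Constructed model of what the client receives; not a wire format."""
    chosen_suite: int
    cert_rsa_bits: int
    temp_rsa_bits: Optional[int] = None  # RSA key in a ServerKeyExchange, if any

def lenient_client(offered, flight):
    """Walk-through behaviour: use whichever RSA key arrived, no questions asked."""
    return True, flight.temp_rsa_bits or flight.cert_rsa_bits

def strict_client(offered, flight, min_bits=2048):
    """Accept only a flight consistent with what this client offered."""
    if flight.chosen_suite not in offered:
        return False, "suite was never offered"
    if is_export(flight.chosen_suite):
        return False, "export suite"
    if flight.temp_rsa_bits is not None:
        return False, "temporary RSA key sent for a non-export suite"
    if flight.cert_rsa_bits < min_bits:
        return False, "certificate key too short"
    return True, flight.cert_rsa_bits

# Constructed sample data: the client offers only non-export suites.
OFFERED = {0x002F, 0x0035}
HONEST = ServerFlight(chosen_suite=0x0035, cert_rsa_bits=2048)
DOWNGRADED = ServerFlight(chosen_suite=0x002F, cert_rsa_bits=2048, temp_rsa_bits=512)

if __name__ == "__main__":
    for name, flight in (("honest", HONEST), ("downgraded", DOWNGRADED)):
        print(name, lenient_client(OFFERED, flight), strict_client(OFFERED, flight))
```

The strict client rejects the downgraded flight because a temporary RSA key has no place in a handshake for a non-export RSA suite, regardless of TLS version.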
-
Friday 6th March 2015 17:05 GMT crayon
"** WARNING **, it is still not safe to do your banking using IE, unless you are banking with one of the very few banks that have enforced the more modern ciphers on their servers."
One of the forking banks that I use "silently" fails to log in if I don't set the user-agent on my browser to some variant of IE.
-
Friday 6th March 2015 20:30 GMT Anonymous Coward
Irony
It's interesting to note that if you apply the workaround on the linked TechNet page, that you will no longer be able to access that page as the server only supports 5 of the TLS_RSA_WITH* algorithms that it has you disable.
Also doesn't support TLS 1.1 or 1.2, but does support SSL 3.0.
-
Sunday 8th March 2015 15:08 GMT mfraz
Rekonq
Just did a few tests on the browsers installed on my computer running Kubuntu 14.10 and Chrome & Firefox both pass, but Konqueror & Rekonq both fail the test:
"Warning! Your browser offers RSA_EXPORT cipher suites. It can be tricked into using weak encryption if you visit a vulnerable website. We encourage you to update your browser right away."
Doubt I've got much chance of them being upgraded.