FREAK Attack

Dirk_Cleenwerck · March 4, 2015, 4:05pm

Here we go again.
Sometimes it feels like we need to be paranoid.

http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html

I tested the vulnerability over here:
https://freakattack.com/

On my OS X 10.10.2 Chrome is safe, Firefox is Safe, Safari isn’t.

Mark_Walsh · March 4, 2015, 4:32pm

Does anyone know how many goats it will cost when I need to upgrade my XOJO license?

Richard_Summers · March 4, 2015, 5:36pm

2 Goats and 4 Pigs.

Mark_Walsh · March 4, 2015, 5:54pm

4 Pigs? I don’t think I like this new pricing structure, 4 pigs seems a little steep.

Pigs are too valuable in this economy. After all, they are made out of bacon.

Richard_Summers · March 4, 2015, 6:11pm

Ok, seeing as how it’s you - 2 Goats and a three-toed-sloth.

Kem_Tekinay · March 4, 2015, 6:20pm

Why are you guys hijacking the thread?

Norman_P · March 4, 2015, 6:41pm

I had to chuckle at
What does it all mean?
You might think this is all a bit absurd and doesnt affect you very much. In a strictly technical sense youre probably right. The client bugs will soon be patched (update your devices! unless you have Android in which case you’re screwed). With good luck, servers supporting export-grade RSA cipher suites will soon be rare curiosity.

Rick_Araujo · March 5, 2015, 1:38am

That wasn’t a hijack. It was a live freak attack demo.

Dirk_Cleenwerck · March 5, 2015, 8:06am

Unless you were smart and got a Nexus device

Norman_P · March 5, 2015, 3:19pm

That wasn’t my conclusion - that was in the blog post you referred to
Not sure WHY he cam to it - I just found it funny

Everything else I’ve seen suggests that Chrome is not vulnerable on any platform

Meade_Lewis · March 5, 2015, 4:36pm

[quote=172576:@Norman Palardy]
Everything else I’ve seen suggests that Chrome is not vulnerable on any platform[/quote]

Chrome VERY is vulnerable on Android devices.

Norman_P · March 5, 2015, 4:56pm

Interesting
I’d seen a few posts and articles from computerworld & a few other sites that would lead me to believe it wasn’t.
However the FREAKATtack.com site does list it and several others as vulnerable.

Fun times

Robert_Schofield · March 6, 2015, 10:51pm

Microsoft announced today Windows in vulnerable to this too.

Meade_Lewis · March 10, 2015, 3:32pm

Has anyone seen any updates? So far we have seen very little protection come as updates.

Norman_P · March 10, 2015, 3:33pm

Apple’s shipped theirs for OS X and iOS

Meade_Lewis · March 10, 2015, 3:35pm

Oh? For iOS do I just get employees to download that via the system update?

I am the only one who uses OS X at the office, so do I just get that from the automatic system updates?

Thanks Norman

Norman_P · March 10, 2015, 3:38pm

Yes
Just DONT install Xcode 6.2 as that will break your ability to build iOS apps
It’s easy enough to revert though

Meade_Lewis · March 10, 2015, 3:39pm

Oh snap. Thanks for the info.

Dirk_Cleenwerck · March 11, 2015, 7:58am

Of course coming into work this morning, first thing I did was run the updates, then go to the forum.
Hence the warning came after I already installed it.
Typical

Tomas_J · March 11, 2015, 8:12am

Haha Dirk, same here