FREAK is the latest encryption bug discovered by a team of security researchers. It puts users' secure web connections at risk and exposes their sensitive information. It was previously thought that the bug was limited to the Apple and Google browsers, but the latest revelations suggest that the flaw leaves communication between affected users and websites open to interception on almost every platform.
Microsoft, Google, Apple and all the other companies are working on patches to fix the bug, named FREAK, but those patches are still days away. The question is how users can protect themselves in the meantime. The answer is simple: avoid the platforms that are more vulnerable to this bug, and avoid the websites that are vulnerable to FREAK.
What is FREAK and how can you tackle this bug?
The FREAK flaw affects SSL/TLS, the protocol that creates a secure
connection between you and a website. The secure connection is created
when you connect with HTTPS and have a padlock in your browser address
bar. That “lock” means that your personal data is encrypted when it’s
sent to the website.
The FREAK flaw has affected some major browsers, including:
- Internet Explorer – Windows
- Safari – Mac OS / iOS
- Chrome – Mac OS / Android
- Opera – Mac OS / Linux
- Stock Browser – BlackBerry / Android
The only browser that the security team believes is not vulnerable on any operating system, including Android and iOS mobile devices and tablets, is Mozilla Firefox. All users should install Firefox on their devices to tackle the FREAK bug until their operating systems come out with patches, which will probably take a few days.
Sites that are vulnerable to FREAK
The list of sites that are vulnerable to this bug is endless. Even sites that are on HTTPS are not secure from this bug. The list ranges from retail to government sites, with lots of things in between. Some of the highest-traffic domains that are affected include Business Insider, American Express, Groupon, Bloomberg, NPR, Kohl's, and MIT. A number of very high-profile government sites were also affected, including the NSA, the FBI, and the White House’s sites, as well as the site (USA-Jobs) that all applicants for any federal job must use.
Recommended Steps
Update with all patches when available
Microsoft, Apple, and Google will all be releasing patches within the next few days, so it’s critical to update your system when those patches are available.
Use Firefox to browse securely
Until patches are available for the above affected browsers, you may want to use Firefox on iOS, Android, and Mac OS to securely browse the web and connect to your online accounts.
Replace vulnerable passwords
Though it’s unlikely that you were attacked, as devices and websites are patched, it may be a good time to change the passwords to any accounts accessed on any of your devices shown to be vulnerable. You can also use the LastPass Security Challenge to review the strength of your passwords. Our Auto-Password Change feature will also help you replace passwords automatically. It’s important to use a different, strong password on every website, so that a password stolen from one website can’t be used to log in to any of your other accounts.