CIP Cyber

FREAK: Another Bug That Threatens the World

FREAK is the latest encryption bug discovered by a team of security researchers. It puts users' secure web connections at risk and exposes their sensitive information. The bug was previously thought to be limited to the Apple and Google browsers, but the latest revelations suggest that the flaw leaves communication between affected users and websites open to interception on almost every platform.

Microsoft, Google, Apple and all other companies are working on patches for this bug, named FREAK, but those patches are still days away. How can users protect themselves in the meantime? The answer is simple: avoid the platforms that are more vulnerable to this bug, and avoid the websites that are vulnerable to it.

What is FREAK and How can you tackle this bug?

The FREAK flaw affects SSL/TLS, the protocol that creates a secure
connection between you and a website. The secure connection is created
when you connect with HTTPS and have a padlock in your browser address
bar. That “lock” means that your personal data is encrypted when it’s
sent to the website.

The FREAK flaw has affected some major browsers, including:

  • Internet Explorer – Windows
  • Safari – Mac OS / iOS
  • Chrome – Mac OS / Android
  • Opera – Mac OS / Linux
  • Stock Browser – Blackberry / Android

The only browser the security team believes is not vulnerable on any operating system, including Android and iOS mobile devices and tablets, is Mozilla Firefox. All users should install Firefox on their devices to tackle the FREAK bug until their operating systems receive patches, which will probably take a few days.

Sites that are Vulnerable to FREAK

The list of sites that are vulnerable to this bug is endless. Even sites that are on HTTPS are not secure from it. The list ranges from retail to government, with lots of things in between. Some of the highest-traffic domains affected include Business Insider, American Express, Groupon, Bloomberg, NPR, Kohls, and MIT. A number of very high-profile government sites were also affected, including the NSA, the FBI, and the White House's sites, as well as the site (USA-Jobs) that all applicants for any federal job must use.

Recommended Steps 

Update with all patches when available

Microsoft, Apple, and Google will all be releasing patches within the next few days, so it’s critical to update your system when those patches are available.

Use Firefox to browse securely 

Until patches are available for the above affected browsers, you may want to use Firefox on iOS, Android, and Mac OS to securely browse the web and connect to your online accounts.

Replace vulnerable passwords 

Though it’s unlikely that you were attacked, as devices and websites are patched it may be a good time to change the passwords to any accounts accessed on any of your devices shown to be vulnerable. You can also use the LastPass Security Challenge to review the strength of your passwords. Our Auto-Password Change feature will also help you replace passwords automatically. It’s important to use a different, strong password on every website, so that a password stolen from one website can’t be used to log in to any of your other accounts.

CIP Cyber Staff
