FREAK: All Windows versions are affected too

诸葛亮

                           FREAK: All Windows versions are affected too
UPDATE on the FREAK OpenSSL vulnerability: it affects not only Android and iOS but all Windows versions too.

We about the new SSL vulnerability called FREAK – Factoring RSA Export Keys – affects around 36% of all sites trusted by browsers and around 10% of the Alexa top one million domains, according to computer scientists at the University of Michigan.

Android, iOS and a lot of embedded devices that make use of the affected SSL clients (including Open) are in danger of having their connections to vulnerable websites intercepted.

The two most used operating systems for smartphones, tablets, laptops and embedded devices are in good company. Yesterday, Microsoft made known that all its supported Windows versions are also affected due to the presence of the vulnerability in the Windows Secure Channel (SChannel) – the Microsoft own implementation of SSL/TLS:

Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows 8 and 8.1
Windows Server 2012
Windows RT
where the problem is analyzed and solutions are offered. Also a patch is promised to fix all supported operating systems.

What does it mean for the user?

FREAK vulnerability
[/url]
What should the users do?


转自[url]http://blog.avira.com/freak-windows/






我测试了一下我的谷歌浏览器是safe，IE11是vulnerable
IE11（可能是我没有升级IE)


谷歌浏览器

测试地址https://freakattack.com/

__情义丶飞雪

什么鬼...

诸葛亮

__情义丶飞雪 发表于 2015-3-7 11:12
什么鬼...

详情看这里http://bbs.kafan.cn/thread-1814398-1-1.html

g550

Good News! Your browser appears to be safe from the FREAK attack.

tete009 firefox 24.8.1

aaa839

诸葛亮 发表于 2015-3-7 11:18
详情看这里http://bbs.kafan.cn/thread-1814398-1-1.html

隨了IE外,所有新版本的瀏覽器應該已經修復此問題
Avira已提及了此問題
其他Windows 用戶,包括XP/Server 2003至8.1用戶請留意
Microsoft Security Advisory 3046015
IE雖然可以使用微軟Security Advisor
但留意,Security Advisor內的臨時方法是禁用左部份TLS,
但會令部份加密網頁無法載入

https://technet.microsoft.com/en ... PPError=-2147217396