On Tuesday, March 3, 2015, researchers discovered another major security flaw in the backbone of the Internet: the SSL/TLS security protocol. The vulnerability was named the FREAK attack. It can be used by an attacker to intercept HTTPS connections and steal sensitive information.
Who is affected by this?
Both servers and client browsers are affected by this vulnerability. Servers that accept RSA_EXPORT cipher suites put their users at risk. A list of popular domains which are affected by this vulnerability is listed here.
Various popular browsers are vulnerable to the FREAK attack because of bugs that allow an attacker to force them to use weak, export-grade encryption. You can check if your browser is affected by the FREAK flaw by visiting this link. If your browser is affected you will see a red warning message as
BTW, here is a list of the most popular affected browsers:
- Internet Explorer (Read more from Microsoft Advisory)
- Chrome on Mac OS (Patch available now)
- Chrome on Android
- Stock Android Browser
- Safari on Mac OS (Patch expected next week)
- Safari on iOS (Patch expected next week)
- Blackberry Browser
- Opera on Mac OS
- Opera on Linux
How Enpass is affected
What should I do?
- Update your OS and browsers: All OS & browser providers will be releasing updates as soon as possible and you must install all these updates immediately.
- Use Firefox for browsing: Firefox is immune to this flaw, and you can download it for free.
- Change your vulnerable passwords: It is unlikely that your account has been hacked, but it is always good to prepare for these kinds of attacks in advance. You should not use the same password for multiple websites. Enpass can help you create unique, strong passwords using its built-in password generator, so if one of your accounts is hacked, the same password will not be usable on other websites.