Sorry Windows users, even you are not safe from the FREAK Web bug.
The same security flaw that left some Apple and Google device users vulnerable to attack also put Windows' devices at risk, Redmond has confirmed.
Known as FREAK (Factoring RSA Export Keys), the bug dates back more than a decade, and opens those on the Android, Safari, and now Windows browsers to man-in-the-middle hacks when surfing supposedly secure websites.
Microsoft acknowledged the vulnerability this week, saying in a Thursday statement that it "affects all supported releases of Microsoft Windows."
"Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system," Redmond said. Still, "Microsoft had not received any information to indicate that this issue had been publicly used to attack customers."
According to CNET, Microsoft will likely address the issue during its scheduled Patch Tuesday update, or with an out-of-cycle fix. Apple and Google are also prepping updates, expected in the coming weeks.
In the meantime, users are encouraged to disable the RSA export ciphers.
The flaw targets deliberately weak export cipher suites. And while support for most of those algorithms is disabled by default, there is a loophole, researchers said.
"If a server is willing to negotiate an export ciphersuite, a man-in-the-middle may trick a browser (which normally doesn't allow it) to use a weak export key," according to the cryptographers' website.
Mumbai City Search – Interactive City Guide
"Where Do We Go From Here?" Posted Oct. 23, 2011, 9:32 p.m. EST by OccupyWallSt On the one month annivers...
Taipei City Guide - Interactive Country Guide Interactive Search City Guide - Country Guides eBook Author: R.G.Richardson No typing jus...
Proposed Contaminated Fill Site Thank you for taking interest in the future of our community, it’s watershed, Shawnigan Creek, Shawnig...