FREAK Attack

Posted on Updated on

Tutorials
Tutorials

Tracking the FREAK Attack 😡

Good News! Your browser appears to be safe from the FREAK attack

If your one of the people that use Internet Explorer for web browsing, you many wanna check a few things before going online again. Internet Explorer appears to be vulnerable to this Freak Attack while all other browsers appear to be protected against the exploits. Browser’s are not necessarily vulnerable on all systems they support. Chrome is for instance vulnerable on Android and Mac OS X but not on Windows.

Firefox appears to be the only browser not affected by the vulnerability at all on all systems it supports. Since Internet Explorer is affected by the vulnerability on Windows, it is important to check whether your PC is vulnerable and do something about it if that is the case.

The easiest way to do that is to use the Freak Client Test Tool which tests for the vulnerability and reports back if your browser is vulnerable or not. Microsoft released a Security Advisory that includes a workaround for some Windows systems. Some? The workaround requires access to the Group Policy Editor which is only available on Professional, Ultimate and Enterprise versions of Windows.

Photo Powered by Google Drive

There is no workaround for systems that don’t support the Group Policy Editor. This protects Internet Explorer from the vulnerability. Windows won’t connect to systems that use a cipher not supported in the list that you have added in the Group Policy Editor. To undo the change at a later point in time, set the policy to disabled.

Photo Powered by Google Drive

Press Windows key + R and type gpedit.msc or cmd hit enter. The Command Prompt will also launch Local Group Policy Editor if you prefer working from the thermal. If you get no prompt to Confirm the User Account Control, then it’s disable under User Accounts. Use the left sidebar to navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Network > SSL Configuration Settings

Double-click on SSL Cipher Suite Order
Switch the policy to enabled

Copy the Cipher suite order from Microsoft’s advisory page to the clipboard, and paste it into the SSL Cipher Suites form Click Ok and restart the PC. If Mozilla Firefox users who get reports that their system is vulnerable may want to check if add-ons or security software is interfering with the process. Ghacks reader noticed that Avast’s Web Shield was the cause for vulnerability reports in his version of Firefox.

PhoneyVirus
PhoneyVirus
Has a passion for computer hardware and dream’s of been a professional technician one day, fairly educated on the subject and opened minded. Programing maybe one of many interest, but are divided into what you call time. When he ant learning what’s new, he’s usually jamming out on electric guitar or playing some awesome PC Game.

Advertisements