https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

Security


Report: The FREAK Bug Now is Everywhere

  • Written by DH Kass 1
  • March 8, 2015
Microsoft confirmed that the latest version of Internet Explorer 11 running on a fully protected Windows 7 computer is vulnerable to a FREAK attack in which invaders could get in the middle of HTTPS-secure traffic between users and millions of vulnerable websites.

The FREAK, not a dance or a television show but rather a dangerous security bug, short for “Factoring attack on RSA-EXPORT Keys,” apparently is everywhere on just about every browser and platform save Firefox. And, it’s been around for about a decade, according to reports.

But it’s worse than that. Late last week, Microsoft (MSFT) confirmed in a security advisory that the latest version of Internet Explorer 11 running on a fully protected Windows 7 computer, nevertheless, still was vulnerable to a FREAK attack in which invaders could get in the middle of HTTPS-secure traffic between users and millions of vulnerable websites.

Freakattack.com, a service that scans for vulnerabilities to the bug, also confirmed Microsoft’s advisory, dismissing previous thinking that the bug couldn’t invade Windows systems.

“Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows,” the vendor wrote in the security alert.

“Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system,” the advisory said. “The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems. When this security advisory was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers.”

Microsoft went on to say that to protect users it’s unsure if it will need to provide a security update through its normal monthly patch releases or issue what it calls an “out-of-cycle” security update.

FREAK attacks can occur when an unsuspecting user operating a compromised machine visits a vulnerable, but supposedly HTTPS-secure website, which an attacker has downgraded to a weaker 512-bit cipher.

The bug previously was thought to invade Android devices, Apple (AAPL) iPhones and Macs and BlackBerry (BBRY) smartphones but with Windows devices now susceptible, obviously the number of possible user intrusions multiplies exponentially.

In response to the threat, Google already has updated Chrome for the Mac that closes the FREAK hole for OS X users. But Google has yet to issue a patch for Chrome for Android users. Similarly, Apple said it will have a fix for OS X and iOS in the next few days.

Right now, the estimate is nearly 40 percent of HTTPS-protected websites may be vulnerable to the FREAK opening, meaning they will support the weak cipher making them vulnerable to an intrusion. Some high traffic websites, including included AmericanExpress.com, Groupon.com, Bloomberg.com,government sites such as the NSA, the FBI, and the White House’s sites are vulnerable to the bug.

Tags: Cloud Service Providers Digital Service Providers MSPs VARs/SIs Security

Related


  • cybersecurity predictions
    Cybersecurity: What to Expect in 2021
    Remote work is here to stay (and other cybersecurity predictions for the year ahead).
  • Cloud Strategy
    In 2021, Cloud Governance Becomes Imperative as Adoption Soars
    CloudSphere, Fortanix and MontyCloud all talk about what’s at stake and what partners must do now.
  • ThinkPad X1 Titanium Yoga
    Lenovo to Ship Its Thinnest ThinkPad Yet with X1 Titanium Yoga
    Lenovo's expanded commercial line includes revamped ThinkBooks and AR glasses.
  • Ransomware and malware
    Help Your Customers Mitigate Malware: Viruses, Worms, and Trojans…Oh My!
    With the right antivirus protection, your customers can better detect and prevent the spread of malware.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Microsoft Launches Surface Pro 7+ for Business, Sold Only via Channel
  • SMBs’ Cybersecurity Risk Awareness Is Rising
  • Security Tips for Protecting your Backup Servers
  • Huntress Acquires Level Effect EDR to Beef Up Platform

Galleries

View all

New, Changing Partner Programs: AWS, Tech Data, Avaya, Verizon

January 11, 2021

Industry Perspectives

View all

The Importance of Being Security-Centric

January 22, 2021

Cyberattacks: Threat Hunters Conquer Unpredictability with 3 Measures

January 21, 2021

The Right Data Migration Tool Helps Schools Move to Cloud During COVID Crisis

January 19, 2021

Webinars

View all

Your Network Perimeter Has Changed

February 18, 2021

In Case of Emergency: The Importance of Proactive Critical Event Management

February 23, 2021

How Managed Hosting Providers Thrive with the Alternative Cloud

February 24, 2021

White Papers

View all

Product Brief: Kaseya VSA Integrated Workflows with BMS and IT Glue

January 26, 2021

Why Subscription Business Model

January 15, 2021

The Ultimate MSP Guide to Sales Efficiency

January 14, 2021

Upcoming Events

View all

Channel Partners Virtual

March 2, 2021 - March 4, 2021

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

Product Brief: Kaseya VSA Integrated Workflows with BMS and IT Glue dlvr.it/RrPJWz https://t.co/qFvS3o0XIZ

January 26, 2021
ChannelFutures

.@SaaSAlerts_hires @KaseyaCorp vet as new CEO. #MSP #cybersecurity dlvr.it/RrNyQx https://t.co/XzKxQbmrhr

January 26, 2021
ChannelFutures

.@untangle_inc partners say #cybersecurity spending will increase this year due to media coverage of cyberattacks.… twitter.com/i/web/status/1…

January 26, 2021
ChannelFutures

Native @MicrosoftTeams integration coming to @SAP apps. dlvr.it/RrKz34 https://t.co/tM7SQaaOHl

January 26, 2021
ChannelFutures

#Biden, @CompTIA both launch big #cybersecurity efforts (separately). dlvr.it/RrKr54 https://t.co/hXEw2CGUMZ

January 25, 2021
ChannelFutures

.@HPE appoints new head of worldwide distribution. #cloud dlvr.it/RrKJLT https://t.co/FW0OUTDJFF

January 25, 2021
ChannelFutures

Following its acquisition of SAP specialist Pioneer B1, new @SapphireSystems GM reveals "buy and build" growth stra… twitter.com/i/web/status/1…

January 25, 2021
ChannelFutures

.@exabeam, @VulcanCyber, @ntti3, @Vectra_AI, @Lookout and @valtixinc give high marks to @POTUS' federal… twitter.com/i/web/status/1…

January 22, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X