There's good news and bad news on the latest website security threat called "FREAK," but there's also no reason to freak out as fixes and patches are in the works. Users can take action on their own to batten down the hatches against the security threat.
First, the bad news: FREAK, the sort-of-funny acronym for the not-so-funny Factoring attack on RSA-EXPORT Keys, is a threat to more than just websites and devices using old encryption technology. It's a bit worse than one researcher's initial description of it "as a zombie from the '90s."
The FREAK encryption flaw affects Apple's SSL implementation and has also been found in Microsoft's Secure Channel stack. So, pretty much anyone who uses Windows or Internet Explorer may be at risk at this point. Initial reports claimed that only Apple iOS and OS X (Safari) browsers and Android browsers were vulnerable to FREAK.
"Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system," Microsoft stated in its advisory notice, describing the vulnerability as an industry-wide issue.
Now the good news: Microsoft says there have been no reports about FREAK being publicly used to attack sites or systems, and Microsoft will likely issue a software patch this upcoming week as part of its Patch Tuesday effort (March 10).
As Apple and other big-name tech vendors ready patches and help clients shore up encryption software, PC users can protect their Internet activity by using the Google Chrome browser for now and following this advice from Microsoft:
- Check out this tool to determine if your system is vulnerable. (Chrome and Firefox users can breathe easier than others, for example, but anyone running Windows Server must take action.)
- Put a firewall in place if you don't have one.
- Install anti-virus software if you haven't already.
- Ensure that your Microsoft software is updated and apply the latest patches.
- Only use browsers deemed safe at this point: Chrome, Firefox, Opera on Windows, Firefox on OS X, Firefox on Android and Chrome on iOS.