Announcement

Epic for iOS and Android are live in the App Store and the Android Play Store. We're EpicBrowser on Twitter and on Facebook. Please feel free to also email our Founder directly with issues or questions: alok at hiddenreflex dot com

#1 2015-03-04 16:54:14

darkstar1940
Guest

FREAK attack

I just saw this notice and wondered how quickly Epic would correct the vulnerability.

On Tuesday, March 3, 2015, researchers disclosed a new SSL/TLS vulnerability — the FREAK attack. The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography, which can then be decrypted or altered. There are several posts that discuss the attack in detail: Matt Green, The Washington Post, and Ed Felten.

A connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204. Vulnerable clients include many Google and Apple devices (which use unpatched OpenSSL), a large number of embedded systems, and many other software products that use TLS behind the scenes without disabling the vulnerable cryptographic suites.

This site focuses on tracking the impact of the attack. See below for:

    RSA Export Suite Statistics
    Popular Sites that Allow RSA Export Suites
    Client Test
    Sysadmin Guide


The FREAK attack was originally discovered by Karthikeyan Bhargavan at INRIA in Paris and the miTLS team. Further disclosure was coordinated by Matthew Green. This report is maintained by computer scientists at the University of Michigan, including Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman. The team can be contacted at zmap-team@umich.edu.

Offline
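The vulnerability condition quoted in the post above, as an added example that is not part of the original thread or of the quoted report: it lists the cipher suites offered in a captured ClientHello, flags RSA_EXPORT suites, and evaluates the quoted condition. The function names and the sample ClientHello bytes are constructed for illustration, and only the three IANA-registered RSA_EXPORT suite IDs are checked.

```python
import struct

# IANA-registered RSA_EXPORT cipher suites (40-bit era suites from RFC 2246).
RSA_EXPORT = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def build_client_hello(suites):
    """Constructed sample input: minimal TLS 1.0 ClientHello, no extensions."""
    cs = b"".join(struct.pack(">H", s) for s in suites)
    body = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack(">H", len(cs)) + cs + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs

def offered_suites(record):
    """Return the cipher-suite IDs offered in a single-record ClientHello."""
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[5:5 + struct.unpack(">H", record[3:5])[0]]
    pos = 4 + 2 + 32              # handshake header, client_version, random
    if len(body) <= pos:
        raise ValueError("truncated ClientHello")
    pos += 1 + body[pos]          # skip session_id
    if len(body) < pos + 2:
        raise ValueError("truncated ClientHello")
    (cs_len,) = struct.unpack(">H", body[pos:pos + 2])
    raw = body[pos + 2:pos + 2 + cs_len]
    if cs_len % 2 or len(raw) != cs_len:
        raise ValueError("malformed cipher_suites vector")
    return [s for (s,) in struct.iter_unpack(">H", raw)]

def export_suites(suites):
    """Names of any RSA_EXPORT suites in an offered list."""
    return [RSA_EXPORT[s] for s in suites if s in RSA_EXPORT]

def connection_at_risk(server_accepts_export, client_suites, client_has_cve_2015_0204):
    """Condition as quoted in the post: server accepts RSA_EXPORT and the
    client either offers an RSA_EXPORT suite or is affected by CVE-2015-0204."""
    return bool(server_accepts_export and
                (export_suites(client_suites) or client_has_cve_2015_0204))

if __name__ == "__main__":
    legacy = offered_suites(build_client_hello([0x002F, 0x0003, 0x0008]))
    modern = offered_suites(build_client_hello([0x002F, 0x0035]))
    print(export_suites(legacy), connection_at_risk(True, legacy, False))
    print(export_suites(modern), connection_at_risk(True, modern, True))
```

The second case is the one a cipher-list audit alone misses: a client that offers no export suite is still at risk when its TLS library is affected by CVE-2015-0204 and the server accepts RSA_EXPORT.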

#2 2015-03-06 01:24:50

dlw1412
Guest

Re: FREAK attack

Epic can't even stop WebRTC leaking of REAL IP Number! Using Epic you are vulnerable to anything. Notice the "Amazon" popup from the Epic donation tray?? Epic is a joke. Use at your own risk. Just do a Google search and others will tell you the same. This is from regular Joes to huge companies.

Offline
