Millions of computer users at risk from “Freak”
Initially it was thought that only some users of Android and Blackberry phones were at risk, along with users of Apple’s Safari web browser, but it was later discovered that in fact millions of computer users are at risk.
The bug is a loophole that has been found in software that is used to encrypt data passing between web servers and web users. If exploited, Freak could let cyber attackers spy on what had previously been believed to be secure communications. The SSL/TLS vulnerability was announced on Tuesday 3rd March. The issue was discovered by Karthikeyan Bhargavan, an encryption and security expert at INRIA in Paris, and allows attackers to force data that is travelling between a vulnerable site and a visitor to use weak encryption, making it easier for the attacker to crack open the data and steal or manipulate sensitive information.
On 5th March, Microsoft released a security advisory note which said that it had not received any information that showed that the flaw was being actively exploited by cybercriminals, but did say that every current version of Windows that uses the browser Internet Explorer (IE) was vulnerable to Freak, as was any non-Microsoft software that calls on a part of Windows called Secure Channel. It suggested some ways to tackle the issue on its software but said that these fixes could go on to cause serious problems with other programs. In a sign of how seriously it was taking the bug, it announced a security update on 10th March, a week after it was first announced. Apple is expected to produce a patch to tackle the issue in the next week, and Google has updated Chrome for the Mac in response, but has yet to say what action it is taking with Android. Chrome for Windows and all modern versions of Firefox are known to be safe, but certain third-party software could still leave you vulnerable.
A group has been set up to monitor the impact of Freak and to help people check to see if they are using a browser that makes them vulnerable. They believe that around 9.5% of the top one million websites are at risk of being attacked, 36.7% of HTTPS servers with browser-trusted certificates and 26.3% of all HTTPS servers are at risk. You can view their website at https://freakattack.com/ and keep up to date with all developments regarding Freak, including security updates.
If you are concerned about how your business might be affected by Freak, or for any other help regarding computer viruses, spam and other IT related issues, please visit http://www.computer-support-essex.co.uk/ or give us a call on 01268 575300.
ECL recognises that every client is different, and every client has a different IT support requirement. Whatever the size of your business, we can offer a support scenario to suit your needs.
Whether your business already uses Cloud services or you’re considering the Cloud as a possible way forward, talk to us first. We can provide anything from fully hosted IT infrastructures on our own ECL Private Cloud, to simple on-line backups. We can also give expert advice on Office 365 and other Cloud platforms.
How would losing access to your IT systems and data for days, or even weeks, affect your business? For many if not most companies this would be a nightmare scenario, with potentially very serious consequences.