Warning - Freak vulnerability on ecommerce

[CMD-Ky]

Firefox 36.01 with Kapersky passes.

 

[rolygate]

Roly, would you mind if I shared your post information with my Facebook family? This info should be broadcast on News Channels for everyone to see.

Sure, go ahead.

I'm not sure how critical this alert is but fixing it can't hurt.

 

[Shawn Hoefer]

If you can install the latest version of Chrome, you should be OK.

Incorrect. I've tested opera, chrome, and the default android browser that is installed on my Galaxy Note 4 -all latest versions - all fail.

 

[Stosh]

Incorrect. I've tested opera, chrome, and the default android browser that is installed on my Galaxy Note 4 -all latest versions - all fail.

Mobil browsers are a special case, they seem to be the least patched and most often vulnerable.

 

[rolygate]

Incorrect. I've tested opera, chrome, and the default android browser that is installed on my Galaxy Note 4 -all latest versions - all fail.

As far as we know, this can only happen if you are running an A/V with its own proxy, such as Avast with the Web Shield turned on. Otherwise all the data so far including the security people's advice on browsers / OS / devices is wrong.

If you have no antivirus then this looks like a first. If you have Avast then update it (latest patch fixes the issue) or turn off the Web Shield. But - check the browser / OS list first, if your combo is listed as a fail, then that is the answer.

 

[retired1]

Incorrect. I've tested opera, chrome, and the default android browser that is installed on my Galaxy Note 4 -all latest versions - all fail.

Ensure you're installing the latest version from Google Play. If you're installing from the provider, it's not going to be up to date.

 

[QueenMaster]

Thank you Roly for posting this including the Avast info. After I turned web shield off both my Firefox and Chrome passed. So I can confirm that the Avast web shield also affected my Chrome browser.

 

[DreamWithin]

Thank you Roly for posting this including the Avast info. After I turned web shield off both my Firefox and Chrome passed. So I can confirm that the Avast web shield also affected my Chrome browser.

Make sure you update Avast to the latest version, then you can leave your web shield on

For some reason, the most current version was not automatically applied for me even though released almost a week ago, I had to manually run the update. So even if Avast says you're all up to date, open it up and choose "Settings" and then "Update" in the menu to see if you actually have the latest version (2015.10.2.2214)

EDIT: note that that version number was taken from the paid version. I'm not sure if there are any differences in version numbers for the free one

 

[Shawn Hoefer]

Ensure you're installing the latest version from Google Play. If you're installing from the provider, it's not going to be up to date.

I always use google Play.

Firefox for Android does not seem to be affected.

 

[oplholik]

Internet Explorer Patch available now — Security advisory

Just downloaded the patch, and now I get "Page cannot be displayed" instead of the "Vulnerable"

 

[Nermal]

Sadness. I don't think XP is supported any longer.

Windows XP here. My IE is VULNERABLE, my Google Chrome is not. Thanks, Roly!

 

[retired1]

Sadness. I don't think XP is supported any longer.

It isn't, and really should not be used to access anything on the Internet.

 

[DreamWithin]

XP was officially obsolete and no longer supported by MS as of April 2014. Any vulnerabilities that were present at that time (and any discovered afterward) are unlikely to be addressed

 

[fogging_katrider]

[edited]

Thanks for the heads up Roly

 

[Sgt. Pepper]

The update from microsoft today fixed the vulnerability of IE.

 

[MacTechVpr]

A security warning for ecommerce purchases has been published Friday March 7th.

Some browsers have an HTTPS encryption vulnerability that can lead to your data being stolen by the web traffic being intercepted and the code easily cracked.

Check to see if your browser passes the exploit test below.

Exploit test:
https://cve.freakattack.com

Mine, too. Apple is supposed to be releasing a patch, this coming week.

Thanks for the test link roly.

LB, Apple's update is live on the Apple Store page.

Good luck all.

 

[Katya]

I'm getting an SSL connection error.

I guess it's good news?

Thanks Roly!

 

[mightymen]

Just checked it out again and my Android tablet is secure today.

 

[DC2]

Just checked it out again and my Android tablet is secure today.

What did you do to fix the problem?

 

[mightymen]

What did you do to fix the problem?

It updates when needed and I guess that's what happen because this morning I checked with the test link and it was good to go.

Android 4.2