We posted about the affecting Freak vulnerability connections SSL / TLS by 4 March of 2015. Vulnerability can be exploited by hackers to weaken the encryption used between clients and servers when using HTTPS connections.
From vulnerability Freak 9,5% of the servers hosting the top 1 million domains on Alexa's list are affected, according to by clicking here που παρακολουθεί το ζήτημα, αλλά και προγράμματα περιήγησης στο Web, όπως το Chrome, το Safari και τον Internet Explorer.
Browsers are not necessarily vulnerable to all the systems they support. Chrome, for example, is vulnerable to Android and Mac OS X systems, but not Windows.
Firefox seems to be the only browser that is not affected by this vulnerability in all of the systems it supports.
Since Internet Explorer is affected by vulnerability in Windows, it is important to check if your computer is vulnerable. How; Below we explain the way.
The easiest way to determine if browser your vulnerability is the page it is Freak Client Test Tool which tests your browser and returns you results.
Advice: If you run a server that supports it SSL / TLS, use this tool to check for vulnerability. If your server is vulnerable, use them recommended Mozilla configurations to disable support for vulnerable encryption suites.
Ο Internet Explorer of Windows, seems to be vulnerable, and all other browsers seem to be protected by exploits.
Microsoft released a security advisory yesterday that includes a solution for some Windows systems. A few; The solution requires access to the Group Policy Editor which is only available for Windows Professional, Ultimate and Enterprise versions.
A solution for systems that do not support Group Policy Editor does not yet exist.
Let's see how it works:
Open a Run window by pressing the two Win + R keys together
Type gpedit.msc and press enter
Use the left menu and follow the Local / Computer Configuration / Administrative Templates / Network / SSL Configuration Settings path.
or Local Computer Policy / Computer Configuration / Administrative Templates / Network / SSL Configuration Settings.
Double-click the SSL Cipher Suite Order.
Change policy to enabled or enabled.
Copy the Cipher Suite from Microsoft Advisory Bulletin in the clipboard and paste it into the SSL Cipher Suites form.
Click OK and restart your computer.
This will protect Internet Explorer from vulnerability. Windows will not connect to systems that use encryption and will not support the list you added to Group Policy Editor.
In order to be safe in Windows, it is a good idea to use a different browser from Internet Explorer.
