• IT Support Provider letting you down?

    There is a better way...

    Request a Quote
  • Is your head in The Cloud? Let us guide you through the Virtualisation maze...

    Call us on 01268 575300 for more information

    Request a Quote
  • Due for an IT systems upgrade or rethink? We can offer solutions for every budget.

    Call us on 01268 575300 to find out more

    Request a Quote

Millions of computer users at risk from “Freak”

clip_image002At the end of last week, Microsoft issued a major security warning about a computer bug that has been named “Freak” and announced that it was working on a security update to tackle it.

Initially it was thought that only some users of Android and Blackberry phones were at risk, along with users of Apple’s Safari web browser, but it was later discovered that in fact millions of computer users are at risk.

The bug is a loophole that has been found in software that is used to encrypt data passing between web servers and web users. If exploited, Freak could let cyber attackers spy on what had previously been believed to be secure communications. The SSL/TLS vulnerability was announced on Tuesday 3rd March. The issue was discovered by Karthikeyan Bhargavan, an encryption and security expert at INRIA in Paris, and allows attackers to force data that is travelling between a vulnerable site and a visitor to use weak encryption, making it easier for the attacker to crack open the data and steal or manipulate sensitive information.

On 5th March, Microsoft released a security advisory note which said that it had not received any information that showed that the flaw was being actively exploited by cybercriminals, but did say that every current version of Windows that uses the browser Internet Explorer (IE) was vulnerable to Freak, as was any non-Microsoft software that calls on a part of Windows called Secure Channel. It suggested some ways to tackle the issue on its software but said that these fixes could go on to cause serious problems with other programs. In a sign of how seriously it was taking the bug, it announced a security update on 10th March, a week after it was first announced. Apple is expected to produce a patch to tackle the issue in the next week, and Google has updated Chrome for the Mac in response, but has yet to say what action it is taking with Android. Chrome for Windows and all modern versions of Firefox are known to be safe, but certain third-party software could still leave you vulnerable.

A group has been set up to monitor the impact of Freak and to help people check to see if they are using a browser that makes them vulnerable. They believe that around 9.5% of the top one million websites are at risk of being attacked, 36.7% of HTTPS servers with browser-trusted certificates and 26.3% of all HTTPS servers are at risk. You can view their website at https://freakattack.com/ and keep up to date with all developments regarding Freak, including security updates.

If you are concerned about how your business might be affected by Freak, or for any other help regarding computer viruses, spam and other IT related issues, please visit http://www.computer-support-essex.co.uk/ or give us a call on 01268 575300.

No comments :

Post a Comment