I just saw this notice and wondered how quickly Epic would correct the vulnerability.
On Tuesday, March 3, 2015, researchers disclosed a new SSL/TLS vulnerability — the FREAK attack. The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography, which can then be decrypted or altered. There are several posts that discuss the attack in detail: Matt Green, The Washington Post, and Ed Felten.
A connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204. Vulnerable clients include many Google and Apple devices (which use unpatched OpenSSL), a large number of embedded systems, and many other software products that use TLS behind the scenes without disabling the vulnerable cryptographic suites.
This site focuses on tracking the impact of the attack. See below for:
RSA Export Suite Statistics
Popular Sites that Allow RSA Export Suites
Client Test
Sysadmin Guide
The FREAK attack was originally discovered by Karthikeyan Bhargavan at INRIA in Paris and the miTLS team. Further disclosure was coordinated by Matthew Green. This report is maintained by computer scientists at the University of Michigan, including Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman. The team can be contacted at [email protected].
Epic can't even stop WebRTC leaking of REAL IP Number! Using Epic you are vulnerable to anything. Notice the "Amazon" popup from the Epic donation tray?? Epic is a joke. Use at your own risk. Just do a Google search and others will tell you the same. This is from regular Joes to huge companies.