12

Mar

Coronovirus: Stay Connected, Work Remotely

We'll help you stay safe AND productive!
10

Sep

*Job Opening: IT Support Specialist*

We are excitedly seeking our next Relia IT team member! Details here...
18

Jan

WPA2, Meltdown & Spectre Flaws: We are ALL at Risk

Learn about wireless & CPU vulnerabilities that need your attention.
14

May

"Unsticking" Windows Updates

Dealing with “Stage 3 of 3 Preparing to configure Windows. Do not turn off your…
10

Mar

Should You "FREAK" Out About the Latest Internet Security Threat?

Find out about the new Internet vulnerability & how to protect your systems!
24

Nov

You're a Mean One, Mr. Tech!

How to keep pop-up Internet ads from stealing Christmas surprises...
22

Jan

R.I.P. Windows XP & Office 2003 - Support Ending SOON!

For Windows XP & Office 2003 users, April 8 is a significant "dead"-line...
18

Jun

Soar into the Cloud with Microsoft Office 365!

Access your favorite Microsoft Office programs anywhere, anytime!
26

Apr

Relia IT Links Up With Lenovo

We are now offering IT solutions from Lenovo!
4

Sep

To Click Or Not To Click

Viruses and spyware do not come with name tags. What links should you avoid?

News

Should You "FREAK" Out About the Latest Internet Security Threat?

Last week, researchers discovered a widespread computer vulnerability dubbed FREAK. Many web browsers, as well as web servers, are at risk. That means your passwords, credit card numbers, social security numbers, absolutely ANYTHING you transfer between your computer and a website, could potentially be accessed and stolen by hackers.

It is hard to say how many systems are affected, because FREAK depends on the combination of web server and web client, such as Internet Explorer or Google Chrome. The FREAK exploit allows an attacker to unencrypt and glean all data transferred between a vulnerable server and client, even though it looks to be secured with https. Microsoft has yet to release an update for its operating systems, but one should be available within the next month. (That is my guess, although it MAY even be released in today’s 03/10/2015 monthly Windows Update list.)

Every year or so, a major Internet vulnerability is discovered and published in the security community. Although the vulnerability may have actually existed for years, once made public, it is only a matter of time before “hackers” are scanning the Internet for at-risk systems.

The last major vulnerability was in OpenSSL, which also enables encrypted communications with web servers. That vulnerability, called Heartbleed, was in the wild for quite a while before being patched last April with an updated version of OpenSSL. Heartbleed affected an estimated 66% of the world's web servers. (Please note: it is always up to system administrators to actually apply the patch once available.)

Luckily, there is a workaround for FREAK that can be implemented through group policy on Microsoft domain networks or on individual PCs on peer to peer networks by disabling the at-risk encryption options. Most web browsers also have specific workarounds or updates available. Some businesses may only be protecting their own information, while others may need to ensure patient or client data is kept secure.

A website has been setup for up-to-date details, links to more information, and a few self-test tools for the FREAK vulnerability at https://freakattack.com/

If you think you or your business may need to mitigate this latest Internet threat, or believe it may be time to perform overdue system maintenance or upgrades, please contact the Relia IT office at 256-415-7501.