1. Ment's Avatar
    ?FREAK: Another day, another serious SSL security hole | ZDNet

    The Washington Post reported today that cryptographers from IMDEA, a European Union research group; INRIA, a French research company; and Microsoft Research have found out that "They could force browsers to use the old export-grade encryption then crack it over the course of just a few hours. Once cracked, hackers could steal passwords and other personal information and potentially launch a broader attack on the Websites themselves by taking over elements on a page, such as a Facebook 'Like' button."
    Basically you would be vulnerable where anyone has access to a router/wifi traffic or other network access where they could initiate a man-in-the-middle attack and break the weaker encryption.

    Freak Attack Checker

    I can confirm Firefox browser is not vulnerable.
    03-03-15 05:34 PM
  2. Dave Bourque's Avatar
    FREAK Flaw Browser Vulnerabilty-img_20150303_184026.png
    Safe here

    Posted via CB10
    03-03-15 05:40 PM
  3. Prem WatsApp's Avatar
    FREAK Flaw Browser Vulnerabilty-img_20150304_100206.png

    Passport 10.3.0 apparently affected to some extent, 8-o

    but blackberry.com is not listed as a site itself... :-)

      "Oh Classic, you are the fairest here so true. But Passport is a thousand times more powerful than you..." (no offense, Classic is a great device, when it's charged)  
    03-03-15 06:03 PM
  4. Prem WatsApp's Avatar
    Should we "freak" out now and update...?

    :-)

      "Oh Classic, you are the fairest here so true. But Passport is a thousand times more powerful than you..." (no offense, Classic is a great device, when it's charged)  
    03-03-15 06:05 PM
  5. Ment's Avatar
    The pragmatic thing to do is not use banking etc on public wifi for the time being until browser and server updates are released. Your home connection is probably safe unless you have an hacker as a neighbor.
    03-03-15 06:09 PM
  6. howarmat's Avatar
    I think chrome throws the same screen as you see with 10.3 above
    03-03-15 06:12 PM
  7. Ment's Avatar
    N4BB says Freak affects all BB10 versions including 10.3.1.2267 . Guess the fix will come with the next OS update which hopefully fixes other bugs noted with 10.3.1 .
    anon(8908445) likes this.
    03-04-15 11:36 AM
  8. kbz1960's Avatar
    What I find funny is iOS has a date for the fix, android already patched it and bb the security expert is just investigating with no date for a fix. Security boss indeed.
    03-04-15 11:39 AM
  9. Bla1ze's Avatar
    N4BB says Freak affects all BB10 versions including 10.3.1.2267 . Guess the fix will come with the next OS update which hopefully fixes other bugs noted with 10.3.1 .
    That's not what was said at all.

    Ars also learned from two unnamed sources that even BlackBerry OS 10.3.1.2267 is allegedly vulnerable. When visiting the test site https://freakattack.com it reveals the BlackBerry 10 browser is vulnerable.
    And the comments from BlackBerry don't confirm or deny. Just that they're looking into it.

    “BlackBerry is comprehensively investigating the “FREAK” vulnerability industry issue and we will take any action necessary to ensure our customers are protected.”
    And as of now there's nothing on their advisory list concerning it, nor has it been published in the BlackBerry Knowledge Base.

    http://ca.blackberry.com/enterprise/...sories-notices
    http://btsc.webapps.blackberry.com/b...s/microsite.do
    03-04-15 11:39 AM
  10. Ment's Avatar
    Lucas Atkins 9 hours ago


    All known versions even up to the latest known. Not misleading anyone…
    You and I both know BB is slow in putting out public info on vulnerabilities. Thats not surprising.
    03-04-15 11:43 AM
  11. Dave Bourque's Avatar
    That's not was said at all.



    And the comments from BlackBerry don't confirm or deny. Just that they're looking into it.



    And as of now there's nothing on their advisory list concerning it, nor has it been published in the BlackBerry Knowledge Base.

    http://ca.blackberry.com/enterprise/...sories-notices
    http://btsc.webapps.blackberry.com/b...s/microsite.do
    The screenshots above said I was fine. But now it says something different... kinda weird.



    Posted via CB10
    03-04-15 11:43 AM
  12. Bla1ze's Avatar
    You and I both know BB is slow in putting out public info on vulnerabilities. Thats not surprising.
    Indeed but until they do it's hard to nail down which, if any versions, are affected. I've done the tests and come up both saying affected and not affected. Seems to be some shadiness in the testing.

    Edit: Yup, Dave confirms it.. some weirdness in the testing.
    03-04-15 11:47 AM
  13. jic999's Avatar
    Seems like BlackBerry patched it no Red warnings and freakattack.com cannot test the BlackBerry browser

    Posted via CB10
    03-07-15 06:00 AM
  14. blackmoe's Avatar
    Indeed but until they do it's hard to nail down which, if any versions, are affected. I've done the tests and come up both saying affected and not affected. Seems to be some shadiness in the testing.

    Edit: Yup, Dave confirms it.. some weirdness in the testing.
    The test could simply be checking your browser's User Agent string which is a lame test if true.
    03-07-15 09:05 AM
  15. yhamaie's Avatar
    Indeed but until they do it's hard to nail down which, if any versions, are affected. I've done the tests and come up both saying affected and not affected. Seems to be some shadiness in the testing.
    It has been revealed that all variations of Windows are vulnerable . . . I wonder if BlackBerry 10 OS and its browser are vulnerable.

    Microsoft Security Advisory 3046015 - Vulnerability in Schannel Could Allow Security Feature Bypass
    03-08-15 11:01 PM
  16. Prem WatsApp's Avatar
    The screenshots above said I was fine. But now it says something different... kinda weird.



    Posted via CB10
    That's weird, Dave. So your device shows a vulnerability now?
    That's rather strange...

    Let's see what's gonna happen.

      "Oh Classic, you are the fairest here so true. But Passport is a thousand times more powerful than you..." (no offense, Classic is a great device, when it's charged)  
    03-08-15 11:22 PM
  17. MADBRADNYC's Avatar
    Uh oh?

    FREAK Flaw Browser Vulnerabilty-img_20150309_004838.png

    T-Mobile Z10STL100-3/10.2.1.2228

    I didn't check my Q10 yet, but it's probably the same since it's the same OS..

    Posted via CB10
    03-08-15 11:50 PM
  18. TheBirdDog's Avatar
    An unnamed source says that the primary target for FREAKers are those that run web based tests for their vulnerability. Once the test is run, you are 1/3rd more susceptible to an attack. Also, paranoia is statistically more apparent in people who consume more than the average amount of cottage cheese.

    Posted via my BlackBerry Passport
    kbz1960 and Prem WatsApp like this.
    03-09-15 12:06 AM
  19. Prem WatsApp's Avatar
    An unnamed source says that the primary target for FREAKers are those that run web based tests for their vulnerability. Once the test is run, you are 1/3rd more susceptible to an attack. Also, paranoia is statistically more apparent in people who consume more than the average amount of cottage cheese.

    Posted via my BlackBerry Passport
    Dude, link or go away... ;-D

    J/k, love your comments, but hey, that cottage cheese thing needs closer scrutiny, haha... :-)

    (so you reckon that website is a trap or target procurement effort, lol?)

      "Oh Classic, you are the fairest here so true. But Passport is a thousand times more powerful than you..." (no offense, Classic is a great device, when it's charged)  
    03-09-15 05:24 AM
  20. jic999's Avatar
    I received the update on my Z30 via Rogers, but my Passport still tests Red is the update coming for the Passport and Classic in the major carriers ?

    Posted via CB10
    03-19-15 04:20 AM

Similar Threads

  1. Z30 Browser 10.3.1 issues and a Fix.
    By jic999 in forum Ask a Question
    Replies: 5
    Last Post: 03-31-15, 09:44 AM
  2. How do I view what time I viewed something on the Browser?
    By Evan_Parsons in forum BlackBerry 10 OS
    Replies: 1
    Last Post: 03-03-15, 09:12 AM
  3. Flash in native browser petition
    By sorinv in forum BlackBerry Passport
    Replies: 8
    Last Post: 03-02-15, 04:25 PM
  4. can't use Google chrome and Uc Web browser on my z3
    By oza19 in forum Ask a Question
    Replies: 3
    Last Post: 03-02-15, 12:02 PM
  5. 10.3 browser new tab on long hold
    By trevorcroft in forum BlackBerry Q10
    Replies: 0
    Last Post: 03-01-15, 11:55 PM
LINK TO POST COPIED TO CLIPBOARD