GilmerFreePress.net

G-TechNote™: HTTPS-Crippling “FREAK” Bug Affects Windows After All

Computers running all supported versions of Microsoft Windows are vulnerable to “FREAK,“ a bug disclosed Monday that for more than a decade has made it possible for attackers to decrypt HTTPS-protected traffic passing between vulnerable end-users and millions of websites.

Microsoft confirmed the vulnerability in an advisory published Thursday. A vulnerability-scanning service at FREAKAttack.com, a site that offers information about the bug, confirmed the advisory, showing that the latest version of IE 11 running on a fully patched Windows 7 machine was susceptible. Previously, it was believed that the Windows system was immune to the attacks.

FREAK attacks—short for Factoring attack on RSA-EXPORT Keys—are possible when an end-user with a vulnerable device connects to a vulnerable HTTPS-protected website. Vulnerable sites are those configured to use a weak cipher that many presumed had been retired long ago. In analyses immediately following Monday’s disclosure of FREAK, it was believed Android devices, iPhones and Macs from Apple, and smartphones from Blackberry were susceptible. The addition of Windows dramatically increases the number of users known to be vulnerable.

The Gilmer Free Press

Attackers who are in a position to monitor traffic passing between vulnerable users and vulnerable servers can inject malicious packets into the flow that will cause the two parties to use a weak 512-bit encryption key while negotiating encrypted Web sessions. Attackers can then collect some of the resulting exchange and use cloud-based computing from Amazon or other services to factor the website’s underlying private key. The process requires about seven hours and $100. From that point on, attackers on a coffee-shop hotspot, rogue employees working at an ISP, or nation-state-sponsored hackers can masquerade as the official HTTPS-protected website, a coup that allows them to read or even modify data as it passes between the site and the end-user.

Meanwhile, Android and Apple devices

On Thursday, Google developers released an updated version of Chrome for Mac that can’t be forced to use the weak 512-bit cipher, effectively closing the FREAK hole when OS X users are on the Google browser. At the time this post was being prepared, Chrome for Android remained vulnerable, and Google officials have yet to provide any public estimate on when a fix would be available. Apple officials have said patches for OS X and iOS would be released next week. Microsoft’s advisory provided no estimate on when a patch would be available, either. In the interim, people on vulnerable devices should consider using Firefox, which over the past two days has consistently been labeled as safe by the FREAKAttack site.

In recent weeks, security researchers scanned more than 14 million HTTPS-protected websites and found that 36 percent of them supported the weak cipher, meaning they are vulnerable to the attack. As of Thursday morning, vulnerable sites included AmericanExpress.com, Groupon.com, Bloomberg.com, and many more. Microsoft’s advisory offers several work-arounds for more technically inclined readers, but some of them will prevent IE from connecting as expected to certain websites.

Despite the large number of sites and end-user devices known to be vulnerable, there has been considerable debate among security professionals about just how critical the threat posed by FREAK is. Support for the argument the threat is low is the fact that it’s hard or impossible for adversaries to carry out FREAK attacks remotely or in mass numbers. Additionally, Google, Facebook, and most other large sites aren’t vulnerable. These considerations and the perception the threat is low are likely contributing to the slow pace of patches coming from Apple, Google, and Microsoft.

Still other researchers say the severity is much higher. Besides the millions of websites and incomprehensibly high number of end-user devices now known to be vulnerable, other reasons to think FREAK is severe is the fact that it has existed for a decade. That means it’s possible malicious attackers have known about and exploited it for years already.

West Virginia Network Partners with URcast to Expand Access to Learning Content for K-12 Students

Program gives students access to lessons in or outside the classroom without Internet connection

The West Virginia Network (WVNET), a branch of the West Virginia Higher Education Policy Commission, has partnered with URcast to provide K-12 students in classrooms across West Virginia access to learning content without an Internet connection.

URcast, a content distribution application customized for the K-12 classroom, provides caching services that allow students to view content without an Internet connection wherever they have a computer, tablet or smart phone. This is made possible by reallocating bandwidth and placing a caching server within the school.

“Caching speeds up student Internet access so classroom time is learning time, not waiting time,” said Paul Hill, the Commission’s Chancellor. “A faster speed of delivery can provide students with more personalized learning experiences and give teachers greater opportunities to engage their students on the lesson at hand.”

Mt. Vernon Elementary School in Barbour County is currently participating as a pilot school in the program. This rural school has seen early success with providing instructional materials, including books and videos, on students’ devices that they can access on the school bus and at home in the evenings, on weekends or on snow days without the Internet.

“Access to technology is an essential component of a world class education,” said West Virginia Superintendent of Schools Michael Martirano. “The partnership between WVNET and URcast will provide our staff and students with a valuable tool to help cross the digital divide and make learning exciting, relevant and meaningful. Having access to robust and engaging content at school, on the bus and at home will extend the learning environment to traditionally underserved areas.”

A video showcasing Mt. Vernon Elementary School’s success with the program:


WVNET is currently seeking additional pilot schools to participate in this project and bring new technology to their students. Interested schools can contact Booker Walton, Customer Resource Specialist at WVNET, at or 304-293-5192.

For more information, visit www.wvnet.edu/urcast.


Permalink - Link to This Article

~~~ Readers' Comments ~~~

Print This Article



Tumblr StumbleUpon Reddit Print Email LinkedIn Pinterest Google+ Facebook Twitter Addthis

G-TechNote™: It’s About Time: Microsoft Releases Free Office for Mac 2016 Preview

For the last 12 months, Microsoft has focused on getting its flagship Office suite on screens where it’s never been before—iPhones, iPads, and Android tablets. The Office for OS X apps were left behind, though. Microsoft released a new version of Outlook and an official OneNote client, but the core Word, Excel, and PowerPoint apps were stuck back in 2010.

The Gilmer Free Press

That changes today. Microsoft has just released a preview of Office 2016 for Mac, a suite which will include the current versions of Outlook and OneNote alongside newly updated versions of Word, Excel, and PowerPoint. The preview runs on OS X Yosemite, it’s free to use, and it includes a tool for providing feedback to Microsoft. Once the final versions of the apps ship “in the second half of 2015,“ users with Office 365 subscriptions will get the new apps immediately. There may be some kind of standalone version available for those who want it, but Microsoft hasn’t said.

The new apps take the styling introduced in OneNote and Outlook for OS X and apply it to the other apps in the suite. The ribbon interface now more closely resembles the one in Office 2013 for Windows—Office for Mac 2011 was closer to its Windows counterpart than older versions, but it still looked like a product from another company. The apps integrate much better with OneDrive than the previous versions did, and they support the standard collaborative editing features present on other platforms. All apps also play nice with OS X-specific features, including Full Screen mode, sandboxes for apps, and Retina display support.

Interested users can download the beta here, and it can be installed alongside Office 2011 if you’re not comfortable doing all your work in beta software. Microsoft’s auto-updater will patch the apps as new versions are available. Microsoft says that each build will expire after 60 days, so don’t expect free software in perpetuity.

G-TechNote™: Windows 10 - Will Your PC Run It?

The Windows 10 Technical Preview has been out for some time now, which means that it won’t be long until the Windows upgrade cycle kicks into high gear once again. But if my inbox is anything to go by, a lot of readers are still confused as to whether their existing hardware will allow them to make the leap to Windows 10.

We should not be surprised if people are confused. There’s a lot of well-meaning yet inaccurate information out there written by people who don’t really understand what makes PCs tick. It’s understandable because tech can be confusing, and the Windows 10 system requirements throw a few curve balls into the mix.

The Gilmer Free Press


The basics

OK, so what do you need to run Windows 10? Well, fortunately for us, Microsoft has already published the system requirements for Windows 10. Fire that page up because I’m going to step through the important bits of this document.

First thing that should pull your attention is this:

“Basically, if your PC can run Windows 8.1, you’re good to go. If you’re not sure, don’t worry—Windows will check your system to make sure it can install the preview.“

This is an oversimplification (we’ll get to why in a moment), but it’s a useful one nonetheless. Basically, most people running a Windows 8/8.1 system are good to go. And if you’re not sure, the installer will run a check to make sure before trying to shoehorn the operating system onto hardware it’s incompatible with.

So, what if you’re not running Windows 8/8.1? How can you decide if your hardware is up to the challenge of running Windows 10? This is where the hardware specs come into play.

Here’s what Microsoft says you need to run Windows 10:

  • Processor: 1 gigahertz (GHz) or faster
  • RAM: 1 gigabyte (GB) (32-bit) or 2 GB (64-bit)
  • Free hard disk space: 16 GB
  • Graphics card: Microsoft DirectX 9 graphics device with WDDM driver
  • A Microsoft account and Internet access

Beyond the basics

Now if you’re the sort of person who is a walking encyclopedia of tech trivia, then you might notice how these specs are the same as those for Windows 7. But there is one gotcha that you need to be aware of, and this only becomes apparent if you pull up the specs for Windows 8/8.1 and look closer at the processor specs:

  • Processor: 1 gigahertz (GHz) or faster with support for PAE, NX, and SSE2

So in order to be able to run Windows 10 (or Windows 8/8.1), you need a processor that supports PAE, NX, and SSE2. Without this, your Windows 10 fun comes to an end.

Microsoft offers a handy primer on what these mean.

  • PAE gives 32-bit processors the ability to use more than 4 GB of physical memory on capable versions of Windows, and is a prerequisite for NX.
  •      
  • NX helps your processor guard the PC from attacks by malicious     software.
  •      
  • SSE2 is a standard instruction set on processors that is   increasingly used by third-party apps and drivers.

There’s more technical information on these features H E R E.

Click Below for More...

Page 331 of 332 pages « First  <  329 330 331 332 >


The Gilmer Free Press

Copyright MMVIII-MMXVIII The Gilmer Free Press. All Rights Reserved