Security Alert: Some resources for you on Superfish and the FREAK flaw

March 9th, 2015

Last year, a couple of notably-named security topics (including Heartbleed and Shellshock, aka "BASH bug") made big news.

And as of this past Friday, it looks like we have a couple of new Spring 2015 contenders:

  • The FREAK security hole or flaw - in as few words as possible, another example of outdated, insecure encryption code that is still in use.  ZDNet has a basic overview here, as well as a recently updated, more thorough discussion here, covering who's affected and what you can do, plus a "freak attack client check" tool to see if your specific client system is vulnerable.
  • Superfish - Superfish Visual Discovery is software that comes prepackaged with Lenovo consumer-grade computers. In simplest terms, Superfish is man-in-the-middle adware that hijacks HTTPS traffic on new PCs. You can find some recent Superfish updates here and here.  And while we're on the topic of horribly insecure adware, here's some info on How to Check for Other Superfish-like Malware.

With security still on the brain, here's an interesting article we came across detailing the Most Vulnerable Operating Systems of 2014.  If you're interested in how these security flaws get their names (and who does the naming), check this out.