Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Freak Attack/Adware

Lud DiLettante

Lud DiLettante

macrumors regular
Original poster
Dec 17, 2015
149
27
Finland
I meant to ask at a Leopard Webkit site but that doesn't appear to be so easy these days. Over there, I learned about Freak Attack. So, I now installed the latest version of Webkit on my Ibook (and probably will on my G5 also once I get the Safari there going too..). But after restarting Safari, the Ibook, removing caches etc, I still get the warning at Freakattack.com. Not just that, I also keep getting a separate warning: "Your browser offers RSA_EXPORT cipher suites."

Then I read this at the FA site: "However, even if your browser is safe, certain third-party software, including some anti-virus products and adware programs, can expose you to the attack by intercepting TLS connections from the browser. If you are using a safe browser but our client test says you’re vulnerable, this is a likely cause."

I don't really understand what that means, I'm not even sure now if I'm safe or vulnerable. Any suggestions what to do next..?
 
Some anti-virus programs will intercept your connection to negotiate the TLS exchange with the server, and then sit in the middle so that it can scan stuff you download. Otherwise they would have no ability to scan anything that travels through the encrypted connection. They probably include their own TLS library that they use to do this instead of the one provided by the OS. This is probably some version of OpenSSL, and knowing most vendors, they never bother to update it, so it's probably a a vulnerable version. This means that even if your operating system's TLS library is safe, the AV program won't be using it, and thus all of your TLS connections will be negotiated with a vulnerable library.

However, if you are not running any AV products, this is not likely your problem. Someone better versed in PPC versions of OS X will have to chime in about whether you can even get a safe version of OpenSSL or whatever Apple uses in Safari.
 
Oh boy, there's more and more that I should learn about everything if I want to keep using PPC's... and I was originally attracted to Macs partly because I was very non-tech - yes, both a luddite and a dilettante... Maybe I'll try to ask Tobias Netzel (of Leopard Webkit) eventually, if this still concerns me. Thanks Joe.
 
Last edited:
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back