Freak Attack/Adware

Discussion in 'PowerPC Macs' started by Lud DiLettante, Dec 17, 2015.

  1. Lud DiLettante macrumors regular

    Joined:
    Dec 17, 2015
    Location:
    Finland
    #1
    I meant to ask at a Leopard Webkit site but that doesn't appear to be so easy these days. Over there, I learned about Freak Attack. So, I now installed the latest version of Webkit on my iBook (and probably will on my G5 also once I get the Safari there going too..). But after restarting Safari, the iBook, removing caches etc., I still get the warning at Freakattack.com. Not just that, I also keep getting a separate warning: "Your browser offers RSA_EXPORT cipher suites."

    Then I read this at the FA site: "However, even if your browser is safe, certain third-party software, including some anti-virus products and adware programs, can expose you to the attack by intercepting TLS connections from the browser. If you are using a safe browser but our client test says you’re vulnerable, this is a likely cause."

    I don't really understand what that means, I'm not even sure now if I'm safe or vulnerable. Any suggestions what to do next..?
     
  2. 556fmjoe macrumors 65816

    Joined:
    Apr 19, 2014
    #2
    Some anti-virus programs will intercept your connection to negotiate the TLS exchange with the server, and then sit in the middle so that they can scan stuff you download. Otherwise they would have no ability to scan anything that travels through the encrypted connection. They probably include their own TLS library that they use to do this instead of the one provided by the OS. This is probably some version of OpenSSL, and knowing most vendors, they never bother to update it, so it's probably a vulnerable version. This means that even if your operating system's TLS library is safe, the AV program won't be using it, and thus all of your TLS connections will be negotiated with a vulnerable library.

    However, if you are not running any AV products, this is not likely your problem. Someone better versed in PPC versions of OS X will have to chime in about whether you can even get a safe version of OpenSSL or whatever Apple uses in Safari.
     
  3. Lud DiLettante, Dec 19, 2015
    Last edited: Dec 19, 2015

    Lud DiLettante thread starter macrumors regular

    Joined:
    Dec 17, 2015
    Location:
    Finland
    #3
    Oh boy, there's more and more that I should learn about everything if I want to keep using PPCs... and I was originally attracted to Macs partly because I was very non-tech - yes, both a luddite and a dilettante... Maybe I'll try to ask Tobias Netzel (of Leopard Webkit) eventually, if this still concerns me. Thanks Joe.
     
