Home  
Login
Username:

Password:

Remember me



Lost Password?

Register now!
Sections
Who's Online
9 user(s) are online (9 user(s) are browsing Forums)

Members: 0
Guests: 9

more...
Support us!
Recent OS4 Files
OS4Depot.net





Odyssey's SSL is susceptible to the Freak attack
Posted on: 2015/3/6 18:59   #1
Home away from home
Joined:
2007/5/19 13:23
Posts: 2815
You can test Odyssey here:
https://freakattack.com/
   Report Go to top

Re: Odyssey's SSL is susceptible to the Freak attack
Posted on: 2015/3/7 0:50   #2
Quite a regular
Joined:
2008/1/6 17:56
From Pennsylvania, USA
Posts: 773
@ChrisH
Odyssey appears to be using AmiSSL so maybe it's an AmiSSL problem. RA-OWB shows the same result at that site. NetSurf just freezes after loading the page.
   Report Go to top

Re: Odyssey's SSL is susceptible to the Freak attack
Posted on: 2015/3/7 8:08   #3
Just can't stay away
Joined:
2006/11/30 11:30
From Finland
Posts: 1281
@xenic

OWB uses a statically linked libopenssl (not AmiSSL) and most likely Odyssey does too. In that case the only thing that needs to be done is to compile and re-link with a newer version of libopenssl assuming that the problem has already been fixed there.
   Report Go to top

Re: Odyssey's SSL is susceptible to the Freak attack
Posted on: 2015/3/7 9:36   #4
Quite a regular
Joined:
2006/12/2 0:35
From Sydney
Posts: 629
At least TW sems to be immune.
   Report Go to top

Re: Odyssey's SSL is susceptible to the Freak attack
Posted on: 2015/3/7 10:22   #5
Amigans Defender
Joined:
2006/11/17 22:40
From England
Posts: 2862
@xenic

Quote:
NetSurf just freezes after loading the page.


It doesn't here (using a recent dev version), but the check result doesn't display, probably because it uses Javascript.

On this page there are a couple of other links, which "if either connection succeeds, your software is vulnerable". I can't connect to either of them, so I think it's probably OK - at least in the latest dev, v3.2 might be a different story as it'll have an older OpenSSL.

   Report Go to top

Re: Odyssey's SSL is susceptible to the Freak attack
Posted on: 2015/3/7 16:19   #6
Home away from home
Joined:
2007/9/11 11:31
From Russia
Posts: 3846
Quote:

OWB uses a statically linked libopenssl (not AmiSSL) and most likely Odyssey does too. In that case the only thing that needs to be done is to compile and re-link with a newer version of libopenssl assuming that the problem has already been fixed there.


Salas00 right. Odyssey build use classic/standard libopenssl, which just need to be recompiled with new version (at least os4 version, i do not remember about morphos version, but imho libopenssl as well).

Anyway, imho, all those "modern" bugs, make no hurt for us in general, as most of time no one will try to hack anyone with amigaos. Even, if it all will be related to some cross-platform attacks, most of time they will fail as something will be non supported in our browser and attack will fail :) Sure, better to have all up2date, but in our case we can no worry most of time , imho.

   Report Go to top

Re: Odyssey's SSL is susceptible to the Freak attack
Posted on: 2015/3/8 18:45   #7
Amigans Defender
Joined:
2006/11/17 22:40
From England
Posts: 2862
@kas1e

Quote:

Anyway, imho, all those "modern" bugs, make no hurt for us in general, as most of time no one will try to hack anyone with amigaos. Even, if it all will be related to some cross-platform attacks, most of time they will fail as something will be non supported in our browser and attack will fail :) Sure, better to have all up2date, but in our case we can no worry most of time , imho.


That's a bad attitude to have to security advisories.

Quote:
On Tuesday, March 3, 2015, researchers announced a new SSL/TLS vulnerability called the FREAK attack. It allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data.


This is applicable to everybody.
   Report Go to top

Re: Odyssey's SSL is susceptible to the Freak attack
Posted on: 2015/3/8 19:05   #8
Quite a regular
Joined:
2010/3/28 14:03
From Palencia (capital of the mythical Vaccean Kingdom)
Posts: 557
@ChrisH
And freezes and crashes!
   Report Go to top

Re: Odyssey's SSL is susceptible to the Freak attack
Posted on: 2015/3/8 20:59   #9
Quite a regular
Joined:
2010/5/16 11:20
From Grimsby, UK
Posts: 914
@kas1e

I'd rather someone update Odyssey with something useful like a newer WebKit, Ràdeon HD support and a focus on speed. Some sites really crawl on AmigaOS.

Although it's the best browser for AmigaOS it stills needs regular updates.
   Report Go to top

Re: Odyssey's SSL is susceptible to the Freak attack
Posted on: 2015/3/10 12:47   #10
Home away from home
Joined:
2007/5/19 13:23
Posts: 2815
@djrikki Quote:
I'd rather someone update Odyssey with something useful

So you'd rather have browser speed, at the expense of your paypal/bank/email/etc account being hacked?

This is such a common flaw (it applies to majority of Windows PCs especially if using IE), that criminals will likely be targeting it (if not already) for a long time to come.

Quote:
a focus on speed. Some sites really crawl on AmigaOS.

That's certainly true, but most of the remaining speed problems can be blamed on heavy usage of JavaScript (e.g. Facebook). Sadly we may need ANOTHER bounty to get the JavaScript JIT that is being worked on for MorphOS (assuming it's developers are willing to allow an AmigaOS4 port in the first place - which I have no idea about).

OK, another speed issue is video playback, for which usage of AmigaOS4's new YUV compositing mode *might* help a lot.
   Report Go to top





[Advanced Search]


Powered by XOOPS 2.0 © 2001-2014 The XOOPS Project