Login
Username:

Password:

Remember me



Lost Password?

Register now!

Sections

Who's Online
185 user(s) are online (165 user(s) are browsing Forums)

Members: 0
Guests: 185

more...

Support us!
Donate

Headlines
Recent files - OS4Depot - Your one stop for AmigaOS4 files

 
Jump to the bottom of the page Bottom    View previous topic Previous Topic    View next topic Next Topic

  Register To Post  

ChrisH
Odyssey's SSL is susceptible to the Freak attack
Posted on: 2015/3/6 18:59    #1
Home away from home
Home away from home


See User information
You can test Odyssey here:
https://freakattack.com/
Go to top
xenic
Re: Odyssey's SSL is susceptible to the Freak attack
Posted on: 2015/3/7 0:50    #2
Just can't stay away
Just can't stay away


See User information
@ChrisH
Odyssey appears to be using AmiSSL so maybe it's an AmiSSL problem. RA-OWB shows the same result at that site. NetSurf just freezes after loading the page.
Amiga X1000 with 2GB memory & OS 4.1FE + Radeon HD 5450
Go to top
salass00
Re: Odyssey's SSL is susceptible to the Freak attack
Posted on: 2015/3/7 8:08    #3
Just can't stay away
Just can't stay away


See User information
@xenic

OWB uses a statically linked libopenssl (not AmiSSL) and most likely Odyssey does too. In that case the only thing that needs to be done is to compile and re-link with a newer version of libopenssl assuming that the problem has already been fixed there.
Go to top
tonyw
Re: Odyssey's SSL is susceptible to the Freak attack
Posted on: 2015/3/7 9:36    #4
Quite a regular
Quite a regular


See User information
At least TW sems to be immune.
cheers
tony
Go to top
Chris
Re: Odyssey's SSL is susceptible to the Freak attack
Posted on: 2015/3/7 10:22    #5
Amigans Defender
Amigans Defender


See User information
@xenic

Quote:
NetSurf just freezes after loading the page.


It doesn't here (using a recent dev version), but the check result doesn't display, probably because it uses Javascript.

On this page there are a couple of other links, which "if either connection succeeds, your software is vulnerable". I can't connect to either of them, so I think it's probably OK - at least in the latest dev, v3.2 might be a different story as it'll have an older OpenSSL.

Go to top
kas1e
Re: Odyssey's SSL is susceptible to the Freak attack
Posted on: 2015/3/7 16:19    #6
Home away from home
Home away from home


See User information
Quote:

OWB uses a statically linked libopenssl (not AmiSSL) and most likely Odyssey does too. In that case the only thing that needs to be done is to compile and re-link with a newer version of libopenssl assuming that the problem has already been fixed there.


Salas00 right. Odyssey build use classic/standard libopenssl, which just need to be recompiled with new version (at least os4 version, i do not remember about morphos version, but imho libopenssl as well).

Anyway, imho, all those "modern" bugs, make no hurt for us in general, as most of time no one will try to hack anyone with amigaos. Even, if it all will be related to some cross-platform attacks, most of time they will fail as something will be non supported in our browser and attack will fail :) Sure, better to have all up2date, but in our case we can no worry most of time , imho.

Go to top
Chris
Re: Odyssey's SSL is susceptible to the Freak attack
Posted on: 2015/3/8 18:45    #7
Amigans Defender
Amigans Defender


See User information
@kas1e

Quote:

Anyway, imho, all those "modern" bugs, make no hurt for us in general, as most of time no one will try to hack anyone with amigaos. Even, if it all will be related to some cross-platform attacks, most of time they will fail as something will be non supported in our browser and attack will fail :) Sure, better to have all up2date, but in our case we can no worry most of time , imho.


That's a bad attitude to have to security advisories.

Quote:
On Tuesday, March 3, 2015, researchers announced a new SSL/TLS vulnerability called the FREAK attack. It allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data.


This is applicable to everybody.
Go to top
Templario
Re: Odyssey's SSL is susceptible to the Freak attack
Posted on: 2015/3/8 19:05    #8
Quite a regular
Quite a regular


See User information
@ChrisH
And freezes and crashes!
Go to top
djrikki
Re: Odyssey's SSL is susceptible to the Freak attack
Posted on: 2015/3/8 20:59    #9
Quite a regular
Quite a regular


See User information
@kas1e

I'd rather someone update Odyssey with something useful like a newer WebKit, Ràdeon HD support and a focus on speed. Some sites really crawl on AmigaOS.

Although it's the best browser for AmigaOS it stills needs regular updates.
Go to top
ChrisH
Re: Odyssey's SSL is susceptible to the Freak attack
Posted on: 2015/3/10 12:47    #10
Home away from home
Home away from home


See User information
@djrikki Quote:
I'd rather someone update Odyssey with something useful

So you'd rather have browser speed, at the expense of your paypal/bank/email/etc account being hacked?

This is such a common flaw (it applies to majority of Windows PCs especially if using IE), that criminals will likely be targeting it (if not already) for a long time to come.

Quote:
a focus on speed. Some sites really crawl on AmigaOS.

That's certainly true, but most of the remaining speed problems can be blamed on heavy usage of JavaScript (e.g. Facebook). Sadly we may need ANOTHER bounty to get the JavaScript JIT that is being worked on for MorphOS (assuming it's developers are willing to allow an AmigaOS4 port in the first place - which I have no idea about).

OK, another speed issue is video playback, for which usage of AmigaOS4's new YUV compositing mode *might* help a lot.
Go to top

  Register To Post

 
Jump to the top of the page Top    View previous topic Previous Topic    View next topic Next Topic




Currently Active Users Viewing This Thread: 1 ( 0 members and 1 Anonymous Users )




Powered by XOOPS 2.0 © 2001-2024 The XOOPS Project