Help - Search - Members
Full Version: Poodle/Freak/Logjam
Kaspersky Lab Forum > English User Forum > Protection for Home Users > Kaspersky Internet Security & Anti-Virus for Windows
Claus Berghammer
After Poodle is before FREAK. KIS makes PC users not only vulnerable to Poodle (this was fixed in 15.0.2.361 which seems to be pulled back due to several critical bugs), but also to the new FREAK Attack, if "Surveillance of encrypted Network Traffic" (Sorry, don't know the right english name - "Sichere Verbindungen untersuchen" in german) is enabled.

You can easily test this on your own. Use a browser that is not vulnerable to FREAK itself (current Firefox for example) and make the test on "https://freakattack.com/clienttest.html". You should not be vulnerable. Now enable the function to inspect encrypted traffic (don't forget to import the KL-Root-Certificate), and reload the testpage - voila - vulnerable to FREAK sad.gif A Security Software that makes the PC less secure!

Hopefully Kaspersky will clean their network-stack from these problems with Poodle and FREAK soon!
Kurt S.
QUOTE(Claus Berghammer @ 6.03.2015 11:45) *
... A Security Software that makes the PC less secure! ...

This shouldn't be a surprise. It has been the case for Reverse Heartbleed, Poodle, now Freak and any future critical bug in the OpenSSL library (libeay32.dll), which is used for the KIS feature "Always scan encrypted connections".

As long as this "man-in-the-middle feature" is disabled, we are save. So the risk can be estimated.
Claus Berghammer
QUOTE(Kurt S. @ 6.03.2015 15:30) *
It has been the case for Reverse Heartbleed, Poodle, now Freak and any future critical bug in the OpenSSL library (libeay32.dll), which is used for the KIS feature "Always scan encrypted connections".


Hi Kurt,

Thanks for telling me, that KIS uses OpenSSL, didn't knew that so far. Hopefully KL will switch to one of the more secure Forks of OpenSSL soon wink.gif
And yes, sadly it's not a surprise at all sad.gif
Sadly, the MitM feature is necessary to scan e-mail-traffic for malware, a long as there is no Anti-Spam/Anti-Virus Plug-in for Thunderbird sad.gif

Greets from Austria wink.gif
_Bruno_
hi, all

Vulnerability logjam? nothing?

https://weakdh.org/

bt.gif
richbuff
We have lengthy topics in the German and Italian sections of this forum for this and similar items.

Please see: http://support.kaspersky.com/11185#block0
QUOTE
Patch B is installed automatically with database updates for Kaspersky Internet Security version 15.0.2.361 and fixes the following:

...
Issue related to the FREAK vulnerability in the OpenSSL library.
...



If you are concerned with this item, you can uncheck Scan encrypted connections, located in Kaspersky settings > Additional > Network.

More information can be had by contacting Tech Support.
Cr00zng
QUOTE(richbuff @ 24.06.2015 15:17) *
We have lengthy topics in the German and Italian sections of this forum for this and similar items.

Please see: http://support.kaspersky.com/11185#block0
If you are concerned with this item, you can uncheck Scan encrypted connections, located in Kaspersky settings > Additional > Network.


I don't see it on my system before or after following the steps described by Claus.

The system is Windows 8.1 64-bits Professional with the latest patches, Internet Explorer 11.09.9600.17842, Fire Fox 38.0.05, and KIS version 15.0.2.361 (B )

Both browsers passes the test at the site referenced by Claus...

edit: edit: (b ) sted cool.gif.
Cr00zng
I forgot to add that the recommended security configuration of Windows 8.1 and KIS aren't the only security protections on my system. It also has Microsoft EMET 5.2 and Malwarebyte Anti-Exploit Premium running on this system. I suspect that Malwarebyte may have something to do with stopping the FREAK test.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2017 Invision Power Services, Inc.