This latest attack, or hack, is more ‘device’ related than network related, so it is important that all devices be updated as well as networks.
This Vulnerability can allow and attacker to use a ‘Man in the Middle’ type connection to gain access to all your information sent to and from a website (login information) as well as possibly gain access to your device as well, to view information on the device and possibly install items (ransomware) on your device.
Check with your device manufacturer to get a security update or patch to protect against this new found vulnerability.
This attack is not limited to recovering login credentials (i.e. e-mail addresses and passwords). In general, any data or information that the victim transmits can be decrypted.
Additionally, depending on the device being used and the network setup, it is also possible to decrypt data sent towards the victim (e.g. the content of a website). Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations. For example, HTTPS was previously bypassed in non-browser software, in Apple’s iOS and OS X, in Android apps, in Android apps again, in banking apps, and even in VPN apps.
Currently, at the writing of this, neither does ANDROID nor APPLE have a stable release of OS to combat or protect you against this attack.
Windows 10 Operating Systems patch for this was released back on the 10th of October.
Queen City Business network is already verifying the security settings for their clients most are on windows 10 and their network items already updated.
We would love to hear discussion and feed back on this latest located loophole.
What are your thoughts?
What were your experiences?
…and, as always, feel free to contact us for help!