Sign in to follow this  
Followers 0
petzl

POODLE ATTACK

Started by petzl,

10 posts in this topic

Posted

Interesting ... Firefox (32.0.3) was vulnerable (vulnerability patch due 25 Nov with 34 or get the add-on) but SeaMonkey (2.30) not.

Share this post

Link to post
Share on other sites

Posted

Interesting ... Firefox (32.0.3) was vulnerable (vulnerability patch due 25 Nov with 34 or get the add-on) but SeaMonkey (2.30) not.

Just doing a bit of checking on "Keep getting hacked please read"

in that case it's the use of free hotspot/open WiFi connections using mobile devices I use all the time, but often see the creepy guy with a Laptop looking my way?

They have my throwaway Gmail name but not accessing it supposed to be SSL

To secure Internet Explorer these are the settings

http://www.extremetech.com/wp-content/uploads/2014/10/SSL30.png

Share this post

Link to post
Share on other sites

Posted

Thanks, Internet Explorer was vulnerable (IE8, I just use for a few MS things - usually), that fixed it.

Share this post

Link to post
Share on other sites

Posted

when looking for the FireFox adon I upgraded to 33.0. That version is also vulnerable, so donwnloaded the adon to fix the issue. Thanks.

Share this post

Link to post
Share on other sites

Posted

SSL3.0 is under attack. Check

https://www.poodletest.com/

to see if you are vulnerable.

For FireFox get add-on

https://addons.mozilla.org/en-US/firefox/addon/disable-ssl-30/?src=api

The risk is small but once it gets around who knows

From https://addons.mozilla.org/en-US/firefox/addon/disable-ssl-30/?src=api

Currently this addon just sets the "security.tls.version.min" to 1 (generally from the default of 0). This is trivial to do via about:config but many users may want to do this without going there.

In my firefox settings (about:config):

security.tls.version.max = 3

security.tls.version.min = 0

To disable SSL v3, shouldn't max be set to 2, rather setting min to 1? Or do I misunderstand something here?

Share this post

Link to post
Share on other sites

Posted

From https://addons.mozilla.org/en-US/firefox/addon/disable-ssl-30/?src=api

In my firefox settings (about:config):

security.tls.version.max = 3

security.tls.version.min = 0

To disable SSL v3, shouldn't max be set to 2, rather setting min to 1? Or do I misunderstand something here?

The problem with SSL 3 that as your IP passes from one IP to the next where it can be intercepted

"The usage of Hotspots, public Wi-Fi, makes this attack a real problem."

http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed

Share this post

Link to post
Share on other sites

Posted (edited)

Thanks, that answered my question.

Not for Mobiles?

And the security on them just gets worse

http://www.youtube.com/embed/Q8xz8xKEFvU

Pays to scan your mobile device with their freeware APP for Iphone and Android

http://www.snoopwall.com/

Take care and be suspicious tried this APP out seems clean?

Edited by petzl

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Geek/Tech Things