petzl
Posted October 24, 2014

SSL3.0 is under attack. Check https://www.poodletest.com/ to see if you are vulnerable.
For FireFox get add-on https://addons.mozilla.org/en-US/firefox/addon/disable-ssl-30/?src=api
The risk is small but once it gets around who knows

Farelf
Posted October 24, 2014

Interesting ... Firefox (32.0.3) was vulnerable (vulnerability patch due 25 Nov with 34 or get the add-on) but SeaMonkey (2.30) not.

petzl
Posted October 24, 2014

> Interesting ... Firefox (32.0.3) was vulnerable (vulnerability patch due 25 Nov with 34 or get the add-on) but SeaMonkey (2.30) not.

Just doing a bit of checking on "Keep getting hacked please read" in that case it's the use of free hotspot/open WiFi connections using mobile devices I use all the time, but often see the creepy guy with a Laptop looking my way? They have my throwaway Gmail name but not accessing it supposed to be SSL

To secure Internet Explorer these are the settings http://www.extremetech.com/wp-content/uploads/2014/10/SSL30.png

Farelf
Posted October 24, 2014

Thanks, Internet Explorer was vulnerable (IE8, I just use for a few MS things - usually), that fixed it.

Lking
Posted October 24, 2014

When looking for the FireFox add-on I upgraded to 33.0. That version is also vulnerable, so downloaded the add-on to fix the issue. Thanks.

Dave_L
Posted October 24, 2014

> SSL3.0 is under attack. Check https://www.poodletest.com/ to see if you are vulnerable.
> For FireFox get add-on https://addons.mozilla.org/en-US/firefox/addon/disable-ssl-30/?src=api
> The risk is small but once it gets around who knows

From https://addons.mozilla.org/en-US/firefox/addon/disable-ssl-30/?src=api

> Currently this addon just sets the "security.tls.version.min" to 1 (generally from the default of 0). This is trivial to do via about:config but many users may want to do this without going there.

In my firefox settings (about:config):

security.tls.version.max = 3
security.tls.version.min = 0

To disable SSL v3, shouldn't max be set to 2, rather than setting min to 1? Or do I misunderstand something here?

Farelf
Posted October 24, 2014

http://kb.mozillazine.org/Security.tls.version.*

security.tls.version.max = 3
3=TLS 1.2 is the minimum required / maximum supported encryption protocol....

SSL 3.0 is specified by 0 in those settings. Yes, I know

Another checker, mentioned in Mozilla pages, is https://www.ssllabs.com/ssltest/viewMyClient.html

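Added example, not written by any poster in this thread: Python that reads the two preferences from prefs.js-style text and lists which protocols remain enabled, comparing min = 1 with max = 2. The fallback defaults (min 0, max 3, the values quoted above) and the sample preference lines are assumptions constructed for this example.

```python
import re

# Values of security.tls.version.min / .max. 0 and 3 are stated in the thread;
# 1 and 2 are the TLS versions in between.
VERSIONS = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}

# Assumed fallback when a pref is absent from prefs.js: the min=0 / max=3
# quoted in the thread for the Firefox versions discussed there.
DEFAULTS = {"min": 0, "max": 3}

# Matches active user_pref lines only; lines commented out with // are skipped.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"security\.tls\.version\.(min|max)"\s*,\s*(\d+)\s*\)\s*;',
    re.MULTILINE,
)

def tls_range(prefs_text, defaults=DEFAULTS):
    """Return (min, max) from prefs.js/user.js text, falling back to defaults."""
    found = dict(defaults)
    for name, value in PREF_RE.findall(prefs_text):
        found[name] = int(value)  # a later line overrides an earlier one
    return found["min"], found["max"]

def enabled_protocols(prefs_text, defaults=DEFAULTS):
    """Every protocol the browser may negotiate: all values from min to max."""
    lo, hi = tls_range(prefs_text, defaults)
    return [VERSIONS[v] for v in sorted(VERSIONS) if lo <= v <= hi]

def ssl3_enabled(prefs_text, defaults=DEFAULTS):
    """True when value 0 (SSL 3.0) is still inside the allowed range."""
    return "SSL 3.0" in enabled_protocols(prefs_text, defaults)

# Constructed sample prefs.js contents (not taken from any real profile).
STOCK = 'user_pref("browser.startup.page", 3);\n'
MIN_RAISED = STOCK + 'user_pref("security.tls.version.min", 1);\n'
MAX_LOWERED = STOCK + 'user_pref("security.tls.version.max", 2);\n'

if __name__ == "__main__":
    for label, text in [("stock", STOCK), ("min=1", MIN_RAISED), ("max=2", MAX_LOWERED)]:
        print(f"{label:6} SSL 3.0 enabled: {ssl3_enabled(text)} -> {enabled_protocols(text)}")
```

With max lowered to 2 the range still starts at 0, so SSL 3.0 stays available and only TLS 1.2 is lost; raising min to 1 is what removes SSL 3.0.
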
petzl
Posted October 25, 2014

> From https://addons.mozilla.org/en-US/firefox/addon/disable-ssl-30/?src=api
>
> In my firefox settings (about:config):
>
> security.tls.version.max = 3
> security.tls.version.min = 0
>
> To disable SSL v3, shouldn't max be set to 2, rather than setting min to 1? Or do I misunderstand something here?

The problem with SSL 3 is that as your IP passes from one IP to the next, it can be intercepted.
"The usage of Hotspots, public Wi-Fi, makes this attack a real problem."
http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed

Dave_L
Posted October 26, 2014

> http://kb.mozillazine.org/Security.tls.version.*

Thanks, that answered my question.

petzl
Posted October 26, 2014 (edited)

> Thanks, that answered my question.

Not for Mobiles? And the security on them just gets worse
http://www.youtube.com/embed/Q8xz8xKEFvU

Pays to scan your mobile device with their freeware APP for iPhone and Android
http://www.snoopwall.com/

Take care and be suspicious; tried this APP out, seems clean?

Edited October 26, 2014 by petzl