Jump to content

POODLE ATTACK


petzl
 Share

Recommended Posts

Interesting ... Firefox (32.0.3) was vulnerable (vulnerability patch due 25 Nov with 34 or get the add-on) but SeaMonkey (2.30) not.

Just doing a bit of checking on "Keep getting hacked please read"

in that case it's the use of free hotspot/open WiFi connections using mobile devices I use all the time, but often see the creepy guy with a Laptop looking my way?

They have my throwaway Gmail name but not accessing it supposed to be SSL

To secure Internet Explorer these are the settings

http://www.extremetech.com/wp-content/uploads/2014/10/SSL30.png

Link to comment
Share on other sites

SSL3.0 is under attack. Check

https://www.poodletest.com/

to see if you are vulnerable.

For FireFox get add-on

https://addons.mozilla.org/en-US/firefox/addon/disable-ssl-30/?src=api

The risk is small but once it gets around who knows

From https://addons.mozilla.org/en-US/firefox/addon/disable-ssl-30/?src=api

Currently this addon just sets the "security.tls.version.min" to 1 (generally from the default of 0). This is trivial to do via about:config but many users may want to do this without going there.

In my firefox settings (about:config):

security.tls.version.max = 3

security.tls.version.min = 0

To disable SSL v3, shouldn't max be set to 2, rather setting min to 1? Or do I misunderstand something here?

Link to comment
Share on other sites

From https://addons.mozilla.org/en-US/firefox/addon/disable-ssl-30/?src=api

In my firefox settings (about:config):

security.tls.version.max = 3

security.tls.version.min = 0

To disable SSL v3, shouldn't max be set to 2, rather setting min to 1? Or do I misunderstand something here?

The problem with SSL 3 that as your IP passes from one IP to the next where it can be intercepted

"The usage of Hotspots, public Wi-Fi, makes this attack a real problem."

http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed

Link to comment
Share on other sites

Thanks, that answered my question.

Not for Mobiles?

And the security on them just gets worse

http://www.youtube.com/embed/Q8xz8xKEFvU

Pays to scan your mobile device with their freeware APP for Iphone and Android

http://www.snoopwall.com/

Take care and be suspicious tried this APP out seems clean?

Edited by petzl
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...