Jump to content

POODLE ATTACK


petzl

Recommended Posts

Interesting ... Firefox (32.0.3) was vulnerable (vulnerability patch due 25 Nov with 34 or get the add-on) but SeaMonkey (2.30) not.

Just doing a bit of checking on "Keep getting hacked please read"

in that case it's the use of free hotspot/open WiFi connections using mobile devices I use all the time, but often see the creepy guy with a Laptop looking my way?

They have my throwaway Gmail name but not accessing it supposed to be SSL

To secure Internet Explorer these are the settings

http://www.extremetech.com/wp-content/uploads/2014/10/SSL30.png

Link to comment
Share on other sites

SSL3.0 is under attack. Check

https://www.poodletest.com/

to see if you are vulnerable.

For FireFox get add-on

https://addons.mozilla.org/en-US/firefox/addon/disable-ssl-30/?src=api

The risk is small but once it gets around who knows

From https://addons.mozilla.org/en-US/firefox/addon/disable-ssl-30/?src=api

Currently this addon just sets the "security.tls.version.min" to 1 (generally from the default of 0). This is trivial to do via about:config but many users may want to do this without going there.

In my firefox settings (about:config):

security.tls.version.max = 3

security.tls.version.min = 0

To disable SSL v3, shouldn't max be set to 2, rather setting min to 1? Or do I misunderstand something here?

Link to comment
Share on other sites

From https://addons.mozilla.org/en-US/firefox/addon/disable-ssl-30/?src=api

In my firefox settings (about:config):

security.tls.version.max = 3

security.tls.version.min = 0

To disable SSL v3, shouldn't max be set to 2, rather setting min to 1? Or do I misunderstand something here?

The problem with SSL 3 that as your IP passes from one IP to the next where it can be intercepted

"The usage of Hotspots, public Wi-Fi, makes this attack a real problem."

http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed

Link to comment
Share on other sites

Thanks, that answered my question.

Not for Mobiles?

And the security on them just gets worse

http://www.youtube.com/embed/Q8xz8xKEFvU

Pays to scan your mobile device with their freeware APP for Iphone and Android

http://www.snoopwall.com/

Take care and be suspicious tried this APP out seems clean?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...