POODLE

Discussion in 'Computing' started by SG1, Oct 23, 2014.

  1. SG1

    SG1 Guest

    SG1, Oct 23, 2014
    #1
    1. Advertisements

  2. SG1

    felix_unger Guest

    says my browser (Firefox) is vulnerable. what does it mean tho?
     
    felix_unger, Oct 23, 2014
    #2
    1. Advertisements

  3. SG1

    SG1 Guest

    The chance of an attack is small, there is an addon for Firefox that will
    prevent an attack. A new version of FF is due out next month that will
    address this situation. HTH.
     
    SG1, Oct 24, 2014
    #3
  4. SG1

    felix_unger Guest

    thanks. I installed the add on. I don't know what I'm protected against,
    but at least I'm protected, lol!
     
    felix_unger, Oct 24, 2014
    #4
  5. SG1

    Kingpin Guest

    I'm running Firefox v33.0 and it is not vulnerable.
     
    Kingpin, Oct 24, 2014
    #5
  6. SG1

    Petzl Guest

    Petzl, Oct 24, 2014
    #6
  7. SG1

    felix_unger Guest

    So am I and the poodle sight said it was vulnerable, until I installed
    the add on. maybe you already had the add on?
     
    felix_unger, Oct 24, 2014
    #7
  8. SG1

    Petzl Guest

    Petzl, Oct 25, 2014
    #8
  9. SG1

    felix_unger Guest

    felix_unger, Oct 25, 2014
    #9
  10. SG1

    Petzl Guest

    It's not a virus, it's a flaw in the way SSL3 communicates,

    Basically in a WiFi situation you can first unknowingly log onto a
    hackers laptop who pretendes it only has SSL2, SSL3 will accept this
    without checking, certificate (who then scans your log-on and
    password, then sends/relays you to free Wi-Fi) You don't know!

    By just using SSL2 it won't allow this you are safe

    Don't no how to disable SSLV3 on Android?
    Until I do I will just use my Mobile provider

    While it's possible to be a threat from a PC it's unlikely but not
    impossible.

    Very easy to do on a open Wi-Fi connection such as Macca's, CityRail,
    etc. At Hungry Jacks Central Station, I often see a creepy guy with a
    Laptop looking at other uses with mobile devices? Probably Rod Speed?

    http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed
    "The usage of Hotspots, public Wi-Fi, makes this attack a real
    problem."

    60% of the spam I get can be traced back to compromised accounts fed
    from Botnet

    Those I contact with this problem use mobile devices on public Wi-Fi
    An example
    SpamCop TRACKING URL

    http://www.spamcop.net/sc?id=z5999982174zae743d38acc752565d4734cc0a1f2371z

    212.227.17.20 is a compromised account
    sent from
    31.148.218.252 which is a BOTNET attack host
    http://cbl.abuseat.org/lookup.cgi?ip=31.148.218.252
     
    Petzl, Oct 25, 2014
    #10
  11. SG1

    Rod Speed Guest

    Mine says its not and I certainly have not installed the addon.
     
    Rod Speed, Oct 25, 2014
    #11
  12. SG1

    Petzl Guest

    I'm running Firefox v33.0 and it was vulnerable
    WIN8.1
    Another checker, mentioned in Mozilla pages, is
    https://www.ssllabs....ewMyClient.html
     
    Petzl, Oct 25, 2014
    #12
  13. SG1

    Petzl Guest

    Petzl, Oct 25, 2014
    #13
  14. SG1

    Rod Speed Guest

    Mine is 33 on Win7 and its not.
     
    Rod Speed, Oct 25, 2014
    #14
  15. SG1

    Rod Speed Guest

    Interesting. That one claims that my FF 33 is vulnerable.

    But that appears to be just because it can do SSL3
    and it says I should disable that.

    That is certainly what happened with IE11, it is shown
    as vulnerable by default, but isnt if you disable SSL3
    in the advanced settings.
     
    Rod Speed, Oct 25, 2014
    #15
  16. SG1

    felix_unger Guest

    so why would some be and some not when it's the same browser?
     
    felix_unger, Oct 25, 2014
    #16
  17. SG1

    Kingpin Guest

    Nope, no add on here.
     
    Kingpin, Oct 25, 2014
    #17
  18. SG1

    Petzl Guest

    To secure Internet Explorer these are the settings
    http://www.extremetech.com/wp-content/uploads/2014/10/SSL30.png


    The problem with SSL 3 that as your IP passes from one IP to the next
    where it can be intercepted
    The major problem is
    "The usage of Hotspots, public Wi-Fi, makes this attack a real
    problem."
    http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed

    Try this link on your Mobile devices this is where the present
    problem/threat is I don't know how to revert to SSL2 etc on Android?
    https://www.ssllabs.com/ssltest/viewMyClient.html
     
    Petzl, Oct 26, 2014
    #18
  19. SG1

    Rod Speed Guest

    Looks like it may well be a rather poor test given
    the way the next checker gives a different answer.

    The next one appears to just check if SSL3 is supported or not.

    The first one appears to actually test the way the browser
    actually does the protocol which is a different question
    and which isnt as easy to detect with a test.

    The author does say that he has had some reports of
    false failures that he has not been able to reproduce.
     
    Rod Speed, Oct 26, 2014
    #19
  20. SG1

    Rod Speed Guest

    Same thing with Chrome, the first test says its not vulnerable,
    this one says it is.
    It reports both Safari and Chrome to be vulnerable,
    but like I said, it's a very superficial test.
    Its not the OS, it's the browser that you do that with.
    What browser are you using on your android ?
     
    Rod Speed, Oct 26, 2014
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads
There are no similar threads yet.
Loading...