SSL v3 POODLE vulnerability

Keep the gloves on, be familiar with the forum rules, and bring your critical reasoning skills.

SSL v3 POODLE vulnerability

Postby Wesley » Thu Oct 16, 2014 4:58 am

If you've been hearing about the third major vulnerability to be exposed this year, you might want to read this: http://security.stackexchange.com/quest ... nerability

Don't rely on NYT, Wired, of HuffPo to explain it. They won't do it right.
User avatar
Wesley
Site Admin
 
Posts: 2202
Joined: Sun Jul 21, 2013 7:03 pm
Location: Scottsdale, Arizona

SSL v3 POODLE vulnerability

Sponsor

Sponsor
 

Re: SSL v3 POODLE vulnerability

Postby MacFall » Thu Oct 16, 2014 5:58 am

Wesley wrote:Don't rely on NYT, Wired, of HuffPo to explain it. They won't do it right.


Can you explain it then? 'Cuz I don't even what the F.
No king but Christ; no law but liberty!
User avatar
MacFall
 
Posts: 337
Joined: Wed Sep 04, 2013 5:37 pm
Location: Southeastern Tennessee (Chattanooga area)

Re: SSL v3 POODLE vulnerability

Postby little_tigress » Thu Oct 16, 2014 6:18 am

I need a TL;DR
❥ ~❥~ ❥ ~ ❥ ~ ❥ ~ ❥ ~ ❥ ~ ❥
Qu'ils sont beaux sur les montagnes, Les pieds de celui qui apporte de bonnes nouvelles, Qui publie la paix! De celui qui apporte de bonnes nouvelles, Qui publie le salut! De celui qui dit à Sion: ton Dieu règne!
Ésaïe 52:7
little_tigress
 
Posts: 4017
Joined: Sun Jul 21, 2013 8:15 pm
Location: Canada

Re: SSL v3 POODLE vulnerability

Postby sketcher » Thu Oct 16, 2014 7:08 am

tl;dr: One of the ciphers that SSL connections rely on to keep your data secure can be easily exploited. It is usually only used if the newest ciphers (called TLS) are not able to be used with the server your computer is trying to connect to. Patch all your software that uses these connections when the patches come out. Until that day comes, you need to turn off the cipher (SSLv3). It's really not that hard.

Use this test to see if you are vulnerable: https://www.ssllabs.com/ssltest/viewMyClient.html

If you are, scroll down to the "How to Protect Your Browser" section here: https://scotthelme.co.uk/sslv3-goes-to- ... -protocol/

If your software is not new enough to use TLS, upgrade it. Really.
User avatar
sketcher
 
Posts: 168
Joined: Wed Aug 21, 2013 5:44 am

Re: SSL v3 POODLE vulnerability

Postby Wesley » Thu Oct 16, 2014 7:18 am

To pull off this attack, it would take more commitment than most vanilla ne'er do wells would be willing to do. As Pornin said "Cryptographic attacks are neat, but they involve more effort than exploiting the bottomless well of user's gullibility." It's not nearly as accessible as the recent "Shellshock" or "Heartbleed" problems are where any jackwagon with one finger and Google can cause havoc at large. I assume that similar vulnerabilities like POODLE are known, kept quiet by both sides of the infosec world, and actively cultivated. Some of my friends are rather deep in that realm and we're all pretty much just doomed pawns in the infowars, so let's all just look at pictures of cats. :lol:
User avatar
Wesley
Site Admin
 
Posts: 2202
Joined: Sun Jul 21, 2013 7:03 pm
Location: Scottsdale, Arizona


Return to News & Politics

Who is online

Users browsing this forum: Google [Bot] and 1 guest

About us

ChattyChristians.com is a place for Christians of all walks to chat, discuss, and fellowship with one another. We seek to live out our mission statement with humility and sincerity.

Have questions? Contact us at support@chattychristians.com or join ChattyChristians.com and submit a question to our Member Help Desk. You might also be interested in our FAQ and Privacy Policy.

cron