Disable SSL 3.0 to be immune from the POODLE attack

Discussion in 'Lounge' started by thantrax, Oct 21, 2014.

  1. thantrax

    thantrax Audiosexual

    Joined:
    Feb 20, 2012
    Messages:
    2,622
    Likes Received:
    2,743
    Location:
    Italy
    Disable SSL 3.0 to be immune from the POODLE attack

    Info about POODLE threat:
    Wikipedia

    Comodo IceDragon/Mozilla Firefox.
    1) Type about:config into the address bar and enter.
    2) Click the 'I'll be careful, I promise' button.
    3) Type security.tls.version.min into the search bar.
    4) Double click the preference name that appears and change the setting from 0 to 1, then OK to enforce TLS.

    You can now test your new browser setting in the link below.
    https://zmap.io/sslv3/

    Take care. :grooves:

    Source:
    Comodo forum
     
  2.  
  3. Zeus

    Zeus Moderator

    Joined:
    Oct 20, 2013
    Messages:
    506
    Likes Received:
    240
    Location:
    Brandy+Wine
  4. Gramofon

    Gramofon Producer

    Joined:
    Jun 22, 2012
    Messages:
    690
    Likes Received:
    91
    Or you can use this:
    https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/

    More handy.

    ('Till the 34.0 update on Nov. 25th)
     
  5. Catalyst

    Catalyst Audiosexual

    Joined:
    May 28, 2012
    Messages:
    5,810
    Likes Received:
    804
    I'm surprised they didn't push an update sooner to disable it. I guess there aren't any attacks being witnessed in the wild yet for them to feel it's a high priority matter. :dunno:
     
  6. dim_triad

    dim_triad Producer

    Joined:
    Mar 17, 2014
    Messages:
    533
    Likes Received:
    116
    so is this just a windows problem?
     
  7. rickbarratt

    rickbarratt Producer

    Joined:
    Dec 27, 2013
    Messages:
    405
    Likes Received:
    136
    Location:
    Manchester
    Was confused, i don't use windows.

    Seems Apple released a patch for us mac users 4 days ago.

    just FYI incase anyone didn't know.

    also you can use this website to see if you are vulnerable.

    https://www.poodletest.com/
     
  8. Catalyst

    Catalyst Audiosexual

    Joined:
    May 28, 2012
    Messages:
    5,810
    Likes Received:
    804
    No it's a global OS problem with SSL (Secure Socket Layer) 3. However rick mentioned that Apple pushed an update a few days ago.
     
Loading...
Loading...