Jump to content

Search the Community

Showing results for tags 'sslv3'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges
    • Bug Bounty
    • Programare
    • Reverse engineering & exploit development
    • Mobile phones
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Fake News Romania
    • Sugestii
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Categories

There are no results to display.

There are no results to display.

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 1 result

  1. Google, among several security organizations, recently announced a vulnerability in the SSL protocol, particularly SSL version 3. SSL is used to secure connections between a client and server to prevent eavesdropping, and that the data has not been tampered. SSLv3 is an old version of the SSL protocol, dating back to 1996 and debuted with Netscape Navigator. While a very old version of SSL, it is still widely supported by browsers and servers today. According to SSL Pulse, 98% of web servers support SSLv3 in October 2014. Fortunately more secure replacements for SSLv3 have existed for a long time, such as TLS 1.0. Since TLS has been widely adopted for several years now, nearly all browsers will opt to use TLS instead of SSLv3. The POODLE vulnerability is a flaw in the design of the algorithm, not a bug in a particular software implementation like Heartbleed. POODLE is similar to the BEAST attack, which targets SSLv3 and ciphers that use cipher block chaining (CBC). POODLE (Padding Oracle On Downgraded Legacy) targets users by being active on the network, similar to a man-in-the-middle attack. With the attacker having access to the network, he can force the SSL connection to the lower-grade protocol SSLv3 by interrupting the SSL handshake. Once the attacker has forced the connection to use SSLv3, he can attack the client and force characteristics of the connection that make it predictable. One way an attacker might accomplish this is with a Cross Site Scripting, or XSS. If the attacker is successful, he will be able to steal sensitive information such as authentication cookies. The simplest and most effective way to address this is to completely disable support for SSLv3. This is recommended for server administrators to ensure no clients connect to their resources using old versions of SSL. In another blog post we detailed how to lock down and remove older versions of SSL from the server. For desktop administrators, disable support for SSLv3 at the browser level. This can be accomplished with Group Policy for Internet Explorer. Since TLS is widely deployed, turning off SSLv3 support will have a small impact on most people. Internet Explorer 6 remains the only browser that does not support anything better than SSLv3. As support for SSLv3 is removed over the coming weeks, IE 6 users will have more difficulty using secure websites. IE 6 does support TLS 1.0, however is off by default. Enabling TLS 1.0 in IE 6 can be used as a short term work around until a newer version of IE is installed. Source
×
×
  • Create New...