[ubuntu-hardened] The POODLE vulnerability.
Joerg Stephan
joerg.stephan at owasp.org
Wed Oct 22 10:31:41 UTC 2014
Hi,
i guess thats all,
i found a good documentation some days ago
https://scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-kills-off-protocol/
Which gives an overview on the most steps.
Users should adjust there SSL Settings in Browsers.
I just wait for a good howto on mailclients.
Cheers
On Wed, Oct 22, 2014 at 12:21 PM, Daniel Curtis <sidetripping at gmail.com>
wrote:
> Hi
>
> As we all know Google has disclosed a new SSL
> vulnerability that goes by the name POODLE [1].
> I would like to ask about two Firefox's 33.0 settings
> available via e.g. 'about:config' --
>
> 'security.tls.version.min' set to '1' (Status: user)
> 'security.tls.version.max' set to '3' (Status: default)
>
> Mentioned POODLE vulnerability was found in the
> design of SSL version 3. It seems, that disabling
> SSL 3.0 support is sufficient to mitigate issue, but...
>
> Is there anything users should/can do until Mozilla
> fix POODLE issue? Probably SSLv3 will be disabled by
> default in Firefox 34, which will be released on Nov. 25.
>
> What do you thing?
>
> Best regards
> ____________
> [1]
> http://googleonlinesecurity.blogspot.de/2014/10/this-poodle-bites-exploiting-ssl-30.html
>
> --
> ubuntu-hardened mailing list
> ubuntu-hardened at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20141022/5278cb5b/attachment.html>
More information about the ubuntu-hardened
mailing list