POODLE going to the dogs?

POODLE a new threat when browsing. An article by Susan Bradley in Windows Secrets:http://windowssecrets.com/newsletter/protecting-yourself-from-poodle-attacks/
Just when we thought everything was cool. Neil.

 

Already protected a while ago Through an MS Security Advisory Notification. Interesting reading. POODLE a very harmless sounding threat for something pretty dangerous. Makes you kind of wonder what else is out there roaming the internet.

 

Microsoft has released a Fix It to disable the feature which was the subject of the POODLE attack. The Fix It, a program which implements changes in the registry, makes the process simpler than the alternatives.

 

Thanks Doc. Should help in case of problems. Neil.

 

You're welcome.

 

And a little test for you. Hope you pass. https://www.poodletest.com/

 

FireFox 33.0.2 and IE 11 failed the test.

 

If you didn't see the dog, you haven't fixe your browsers. Post #4 has the fix from MS. Or you just uncheck SSL3 in IE/Tools/Internet Options/Advanced Tab and it is near the bottom.

 

I rarely use IE, but I may do as directed and uncheck the SSL3 box.

I was thinking Firefox would release their fix soon (November 25th I see). Some have complained about the recommended addon for those who can't wait for the official fix.

 

My Windows 7 Ultimate and 8.1 Pro are not vulnerable. Thanks for that teat MrBill.

 

You are quite welcome. Have fun on your new job.

 

Will do.

 

Firefox 33.0.2 keeps showing the poodle on my end with the word "vulnerable ".

IE 11 is good after unchecking SSL 3.


Edit: Firefox is now showing the terrier after I made the following changes...

How can I completely disable SSL 3.0?​

 

James Did you remember to put a check mark in Use TLS 1.0, TLS 1.1, and TLS 1.2?

 

They were already checked (by default, I presume).

Thanks.

 

Couldn't access Citifinancial site without SSL 3.0 activated.

Wonder how long it will take them to remedy this?

 

Do they even know about the threat? Some financial institutions may not know.

 

I'm sure a big company like that would know about POODLE by now (I did send the webmaster a comment today), but from what I can tell, there are many companies that still use SSL 3.0...

POODLE Attack and SSLv3 Deployment​

Excerpt from article...

While secure connections primarily use TLS (the successor to SSL), most users were vulnerable because web browsers and servers will downgrade to SSLv3 if there are problems negotiating a TLS session.​

Last year, I contacted Citi on behalf of a friend about a mortgage payment issue and found out that these people are still using (very) outdated browsers. Looks like Citi could free up some capital to upgrade their computers.