SSLv3 Poodle Attack

mhmmd · 17 Ekim 2014 - 11:27:46

SSLv3 de açık çıktığı söylendi bu nasıl giderilebilir

neynefes · 17 Ekim 2014 - 13:03:24

Teknik bir bilgim yok ama en kısa sürede bu konuda güncelleme gelir büyük ihtimalle.

bytan · 17 Ekim 2014 - 13:45:35

Alıntı Yap
....
The recommended course of action is ultimately for sites to disable SSLv3 on their servers, and for browsers to disable SSLv3 by default since the SSLv3 protocol is known to be broken. However, it will take time for sites to disable SSLv3, and some sites will choose not to, in order to support legacy browsers (eg, IE6). As a result, immediately disabling SSLv3 in Ubuntu in the openssl libraries, in servers or in browsers, will break sites that still rely on SSLv3.

Ubuntu's Response:

Unfortunately, this issue cannot be addressed in a single USN because this is a vulnerability in a protocol, and the Internet must respond accordingly (ie SSLv3 must be disabled everywhere). ...

http://blog.canonical.com/2014/10/16/ubuntu-security-update-on-poodle-cve-2014-3566-and-sslv3-downgrade-attack/

http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566

Kullanıcı olarak en azından MITM saldırılarını önlemek için v3'ü kapatabiliriz.

Meraklısına:
https://www.imperialviolet.org/2014/10/14/poodle.html

if · 19 Ekim 2014 - 02:46:11

Firefox 34 ile SSLv3 kapatılacakmış[1]. Önerilen yöntem bu[2] eklentiyi kurmakmış.

Ayrıca about:config üzerinden security.tsl.version.min=1 yolu da uygulanabilir.

[1] https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
[2] https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/

Ubuntu Türkiye

Haberler:

SSLv3 Poodle Attack

mhmmd

neynefes

bytan

if