Story 2014-10-15 2TCV POODLE: A new SSL vulnerability

POODLE: A new SSL vulnerability

by
in security on (#2TCV)
story imageForbes has a lovely if disjointed writeup; The Register is considerably more dramatic. The gist: your browser likely still allows the use of old SSL standards, which are now proven vulnerable to a lovely new bug which could, in the worst case, give an attacker your cookies. From there, your sessions are at risk, along with anything you'd prefer to keep to yourself online.

The makers of Chrome seem to be saying that the issue has been fixed in Chrome since February, but as of this morning, the Poodle Test still showed Chrome as vulnerable. Firefox expects to have a fix in version 34, due Nov 25. In the meantime, according to the Forbes article, you can open about:config and change the setting security.tls.version.min to 1. This does cause Firefox to pass the test. Microsoft and Apple have not addressed the issue as of this writing. Internet Explorer does have an option to disable SSL 3.0 in its more recent versions (naturally set to "enabled" by default), but IE6 users are out in the cold; Safari users are vulnerable and must wait for a fix from Apple.
Reply 14 comments

Warning: Cannot modify header information - headers already sent by (output started at /var/www/pipedot.org/lib/tools/tools.php:2702) in /var/www/pipedot.org/lib/tools/tools.php on line 1524

Warning: Cannot modify header information - headers already sent by (output started at /var/www/pipedot.org/lib/tools/tools.php:2702) in /var/www/pipedot.org/lib/tools/tools.php on line 1533

Warning: Cannot modify header information - headers already sent by (output started at /var/www/pipedot.org/lib/tools/tools.php:2702) in /var/www/pipedot.org/include/common.php on line 80

Warning: Cannot modify header information - headers already sent by (output started at /var/www/pipedot.org/lib/tools/tools.php:2702) in /var/www/pipedot.org/include/common.php on line 82
Fatal Error - sql [select reason, count(reason) as reason_count, value from comment_vote where comment_id = ? group by reason order by reason_count desc] arg [92572] msg [SQLSTATE[42000]: Syntax error or access violation: 1055 Expression #3 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'pipedot.comment_vote.value' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by] - Pipedot
Fatal Error
sql [select reason, count(reason) as reason_count, value from comment_vote where comment_id = ? group by reason order by reason_count desc] arg [92572] msg [SQLSTATE[42000]: Syntax error or access violation: 1055 Expression #3 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'pipedot.comment_vote.value' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by]