Ramblings of an old Doc

 

OK…this is a bit technical, so brace yourselves. Anyway, recently, a SSL 3.0 vulnerability was discovered. This vulnerability allows the injection of malicious code into your computer and web hosting servers and allow remote code execution. So what’s SSL? It means Secure Sockets Layer (and there are 3). It has been superceded by TLS (Transport Layer Security).

The Poodle (Padding Oracle On Downgraded Legacy Encryption) attack allows a web criminal to intercept data that is being sent over the SSL3 connection. Not only can he or she intercept the data, the web criminal can inject their own data into the connection, making the website believe that it came from the browser. Likewise, it makes the browser believe that the malicious data comes from the web server.

You can test your browser vulnerability at the following site https://www.poodletest.com/

There’s a good guide here to how to fix various browsers: http://www.tomsguide.com/us/poodle-fix-how-to,news-19775.html

MS has released a Fixit tool for those who use IE:

Download links:

So…if you haven’t already done so, time to act!

Sources:

http://news.thewindowsclub.com/fix-it-disable-ssl-3-0-vulnerability-ie-69815/

http://www.thewindowsclub.com/ssl-3-0-secure-browser-poodle-vulnerability-attack

http://www.tomsguide.com/us/poodle-fix-how-to,news-19775.html


Comments (Page 1)
2 Pages1 2 
on Nov 01, 2014

Thanks for the heads up!

on Nov 01, 2014

Great Info Thx Doc...

on Nov 01, 2014

Got it fixed.

on Nov 01, 2014

Thanks for the tip, as always.  For what it's worth my Whitehat Aviator running at stock settings passed fine.  I like the way he did the test, the guy has a sense of humor. 

on Nov 01, 2014

Thanks for the warning, Doc. I almost stepped in some. All kidding aside, my preferred browser failed as did FF Portable. Chrome portable passed. On my 7 rig, that is as far as I care to go. IE11 with Chrome Portable for a fallback browser.

From these results, I can gather several conclusions.

1: Malware creators love IE, it's the default browser of millions of Windows users. (who know damn little about what's inside that box, tablet, phone, etc.)

2:FartFox is still the failing, memory leaking piece of crap that it was/is, I avoid it like it was ebola.  

3:Scare tactics do drive public opinion. The flock is easily herded

3:The devs at Google either really know their shit or are behind half of this crap. It's a tossup there.

4: I have spent more time responding to your post than most people will. You scared most of them away with that getting technical warning.

5: Lather rinse repeat.

 

on Nov 01, 2014

and screw that pooch, I'm a cat person.

 he's just a dog, and he's French

 

 

on Nov 01, 2014

 Not that I hold anything against the French

andiaintgonnauncheckadoggonething

 

 

on Nov 01, 2014

Okay, helping hand needed here.  I use IE and I show as vulernable.  I ran the MS fix it link to disable, do I also run the other link they show to restore or will that just make me vulernable again?

on Nov 02, 2014

you might want to "restore" when ms comes up with a patch... not sure if win update undo hotfixes before they patch in fixes or not... sometimes hotfixes messes up later winupdates (i think)

 

but who remembers to unfix stuff, ever?

on Nov 02, 2014

@ Philly: Just run 51024 which will be the fix for IE. Don't run 51025 which will reverse 51024 and make you vulnerable. The patch, when and if it comes will take care of that for you, because no one ever remembers to 'unfix'.

@ Wiz: After you test and do the fix, clear the browser cache and retest. Or, retest here: https://www.ssllabs.com/ssltest/viewMyClient.html

WC'ers don't scare that easily. 

 


on Nov 02, 2014

We could protect ourselves from poodle attacks merely by having pics of cute cats on our desktop?  

on Nov 02, 2014

@dr  - not convinced that the patching always undo hotfixes 1st... my previous win7 installation (bit corrupted by dying hdd...) had problems with some patches... one of which was caused by a hotfix.. and eventually went through after i tracked it down and undo the hotfix... though this one should be fairly harmless.. just basically the same as unticking the ssl 3 box in ie options, isn't it?

(that said.. ie options is used by plenty of stuff - eg.. steam, chrome..... still.. harmless.. the fix, not the bug )

on Nov 02, 2014

I don't see why it wouldn't depending on the patch, of course.

Generally, if you're concerned about the question you can get a good deal of info from the technet blog regarding the contents of each patch tuesday or other patches issued off that schedule.

You can do that at this url: https://technet.microsoft.com/security/bulletin or in the blog: http://blogs.technet.com/b/msrc/

You can get advanced notification (if you wish) at this MS site: http://technet.microsoft.com/en-us/security/dd252948.aspx

It informs you of the date of the next release (11/11/2014 for this month) and you can check there (a few days before) if a patch is coming to deal with the issue. If there is, then you can (usually a day or later) undo the fix before dl'ng and installing the patch...

 

on Nov 02, 2014

For some reason, the fix for Chrome worked fine on 2 of my Win7 rigs but failed to work on the third.  Even after clearing the cache multiple times and rebooting, still shows as vulnerable.  Odd.

on Nov 04, 2014

You're sure you typed it in correctly? Maybe opening properties as Admin?

2 Pages1 2