`


THERE IS NO GOD EXCEPT ALLAH
read:
MALAYSIA Tanah Tumpah Darahku

LOVE MALAYSIA!!!


 


Saturday, October 18, 2014

Beware of ‘friendly’ Poodle, Wi-Fi users warned

Users of Wi-Fi hotspots have been warned about the latest bug, called Poodle, in Internet browsers. – The Malaysian Insider file pic, October 18, 2014.Users of Wi-Fi hotspots have been warned about the latest bug, called Poodle, in Internet browsers. – The Malaysian Insider file pic, October 18, 2014.
Users of Wi-Fi hotspots have been warned about the “Poodle” attack – the latest bug in Internet browsers that can hijack web sessions and transactions, and even extract data from secure HTTP connections, The Straits Times reported today.
Poodle, or Padding Oracle on Downgraded Legacy Encryption, exploits Secure Sockets Layer version 3 (SSLv3), one of the protocols used to secure Internet traffic, the Singapore daily said.
All major browsers, from Google Chrome to Mozilla Firefox, support SSLv3.
The Poodle attack relies on the fact that most web servers and browsers are still using an “ancient” SSLv3 to secure their communications.
The daily said for the Poodle attack to work, hackers have to be using the same Wi-Fi network as their victims. For instance, anyone sharing a Wi-Fi hotspot in a Starbucks is vulnerable.
An attack cannot be done remotely.
"Still, users should avoid making sensitive transactions over public Wi-Fi networks," Matthias Yeo, Asia-Pacific chief technology officer for security systems maker Blue Coat Systems, was quoted as saying.
To fix the problem, browsers have to disable support for SSLv3 with new version releases, such as TLS 1.0 or newer, which omits validation of certain pieces of data that accompany each message.
Web users have been advised to disable SSLv3 in their browsers. Firefox 34 will disable SSLv3 by default.
Chrome – a Google product – started to disable SSLv3 in its testing labs but there is no news of when a new version will be released.
Microsoft’s Internet Explorer 7 browser allows users to turn off the SSLv3 function, reported the Straits Times.
The daily said the Singapore Computer Emergency Response Team (SingCert) issued an alert on its website on Thursday, warning users to update their browsers to the latest versions.
Aaron Koh, 38, told the paper he was not too worried. "I seldom use public Wi-Fi for online banking. Only to check my email."
- TMI

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.