http://googleonlinesecurity.blogspot.com.es/2014/10/this-poodle-bites-exploiting-ssl-30.html
per Tor Browser: This time, the attack is that many clients, when they find a server that doesn't support TLS, will downgrade to the ancient SSLv3. And SSLv3 is subject to a new padding oracle attack. There is a readable summary of the issue at https://www.imperialviolet.org/2014/10/14/poodle.html . Tor itself is not affected: all released versions for a long time have shipped with TLSv1 enabled, and we have never had a fallback mechanism to SSLv3. Furthermore, Tor does not send the same secret encrypted in the same way in multiple connection attempts, so even if you could make Tor fall back to SSLv3, a padding oracle attack probably wouldn't help very much. TorBrowser, on the other hand, does have the same default fallback mechanisms as Firefox. I expect and hope the TorBrowser team will be releasing a new version soon with SSLv3 enabled. But in the meantime, I think you can disable SSLv3 yourself by changing the value of the "security.tls.version.min" preference to 1. To do that: 1. enter "about:config" in the URL bar. 2. Then you click "I'll be careful, I promise". 3. Then enter "security.tls.version.min" in the preference "search" field underneath the URL bar. (Not the search box next to the URL bar.) 4. You should see an entry that says "security.tls.version.min" under "Preference Name". Double-click on it, then enter the value "1" and click okay. You should now see that the value of "security.tls.version.min" is set to one. /// per chi usa VPN service, free o a pagamento e' lo stesso :D, hanno comunicato: We have disabled SSLv3 on our website server. It may affect some users who connect from legacy browsers. questo ha portato cmq alcuni problemi. -- lilo http://wiki.debian.org/LILO #### -Da grande faro' il cattivo esempio, questo e' uno stage formativo- bit in rebels GnuPG/PGP Key-Id: 0x10318C92 FINGERPRINT: 47BE F025 DD21 949F 681E 1D2B 1C2C DA80 1031 8C92 server: pgp.mit.edu -------------- parte successiva -------------- Un allegato non testuale รจ stato rimosso.... Nome: 0x10318C92.asc Tipo: application/pgp-keys Dimensione: 6354 bytes Descrizione: non disponibile URL: <https://lists.partito-pirata.it/pipermail/open/attachments/20141015/327d73d3/attachment.key> _______________________________________________ Open https://lists.partito-pirata.it/cgi-bin/mailman/listinfo/open
