POODLE vulnerability | Bitcointalksearch.org

binaryFate

legendary

Activity: 1512

Merit: 1012

Still wild and free

Quote from: theymos on October 15, 2014, 06:47:22 PM

The POODLE vulnerability in TLS/SSL could have allowed a man-in-the-middle attacker to read encrypted forum traffic. For example, Tor exit nodes could have used this attack against anyone using Tor to access the forum. I disabled SSLv3 to prevent this attack in the future, and I logged everyone out to invalidate any possibly-compromised cookies. If you used a proxy or ISP that you don't absolutely trust to access the forum, then you should also change your password.

Most other sites are similarly affected.

I suggest that in the future, you make the "News: Due to a recently..." sentence clickable, and link to a post or an arcticle mentioning what it is all about.
It would save time for anybody that didn't see any news about that yet and who is curious at what exactly the attack/issue entails (outside of bitcointalk).

Argwai96

legendary

Activity: 1036

Merit: 1000

Thug for life!

Quote from: goozman96 on October 16, 2014, 05:44:53 PM

Why was the warning removed from the news section, above the breadcrumbs?

It wasn't removed. The warning about the TLS vulnerability and to change your password rotates with the notice that the new version of QT has been released, with each notice showing on every other time you load a page.

goozman96

hero member

Activity: 728

Merit: 500

Why was the warning removed from the news section, above the breadcrumbs?

Welsh

staff

Activity: 3290

Merit: 4114

Cheers for the warning, I'm due a password change anyway.

Malin Keshar

hero member

Activity: 616

Merit: 500

After see myself logged out and see the bug warning, I thought someone stole my cookies and took my account.

Nice to see I was wrong.

Will change password anyway.

Muhammed Zakir

hero member

Activity: 560

Merit: 509

I prefer Zakir over Muhammed when mentioning me!

Thanks theymos!

Can you please make an option to log-out from all computers except the one user using? So if we checked 'remember me', the account can be logged-out from other computer. Roll Eyes

Suggestions are welcome!

~~MZ~~

Kluge

donator

Activity: 1218

Merit: 1015

Quote from: zetaray on October 16, 2014, 04:27:52 AM

This is the reason I was logged out from bitcointalk. Took me a few minutes to figure out my own password, the one I changed in a rush after the previous SSL bug.

I was pretty pleased to find I still had it saved. I thought I forgot to save it when I last changed it and talked to theymos about an account recovery. Maybe just a weird dream... ever have that? Sometimes dream about weird, mundane stuff like shampooing hair, then forget to take a shower in the morning because I thought I already had. -Or I'll think the dog died a year ago, then see it when I wake up... scares the bejesus out of me.

Anyway - not sure what's wrong with the name. Poodles are bad news. If it derived from BEAST attack, POODLE seems like a pretty reasonable name for a successor.

shorena

copper member

Activity: 1498

Merit: 1528

No I dont escrow anymore.

Quote from: zetaray on October 16, 2014, 04:27:52 AM

This is the reason I was logged out from bitcointalk. Took me a few minutes to figure out my own password, the one I changed in a rush after the previous SSL bug.

Dont get used to it, just change it again Tongue

zetaray

hero member

Activity: 658

Merit: 500

This is the reason I was logged out from bitcointalk. Took me a few minutes to figure out my own password, the one I changed in a rush after the previous SSL bug.

fronti

legendary

Activity: 2912

Merit: 1309

maybe to add also in the "News" that all useres are automaticly logged out.
I was very surprised if I see me logged out.

Ok first I do was to go (still logged out) to meta and see in this thread that all are logged out by you..

sgk

legendary

Activity: 1470

Merit: 1002

!! HODL !!

Quote from: Vortex20000 on October 16, 2014, 03:17:24 AM

Quote from: sgk on October 16, 2014, 03:15:39 AM

Quote from: Beastlymac on October 16, 2014, 03:03:51 AM

Quote from: theymos on October 15, 2014, 07:24:02 PM

Quote from: peligro on October 15, 2014, 07:21:14 PM

Btw, POODLE? Quite a letdown, after cool names like Heartbleed and Shellshock.

Yeah, it's a terrible name. The vulnerability isn't nearly as bad as Heartbleed or Shellshock, though.

It is an acronym it stands for "Padding Oracle On Downgraded Legacy Encription"

The vulnerability was discovered by Google, so most likely they came up with DOODLE acronym first and then worked their way back to generate a plausible-sounding full form Tongue

DOODLE and POODLE - D and P

Dire and Padding?

My bad! Although they both don't look much different to me Tongue

Vortex20000

hero member

Activity: 504

Merit: 500

sucker got hacked and screwed --Toad

Quote from: sgk on October 16, 2014, 03:15:39 AM

Quote from: Beastlymac on October 16, 2014, 03:03:51 AM

Quote from: theymos on October 15, 2014, 07:24:02 PM

Quote from: peligro on October 15, 2014, 07:21:14 PM

Btw, POODLE? Quite a letdown, after cool names like Heartbleed and Shellshock.

Yeah, it's a terrible name. The vulnerability isn't nearly as bad as Heartbleed or Shellshock, though.

It is an acronym it stands for "Padding Oracle On Downgraded Legacy Encription"

The vulnerability was discovered by Google, so most likely they came up with DOODLE acronym first and then worked their way back to generate a plausible-sounding full form Tongue

DOODLE and POODLE - D and P

Dire and Padding?

sgk

legendary

Activity: 1470

Merit: 1002

!! HODL !!

Quote from: Beastlymac on October 16, 2014, 03:03:51 AM

Quote from: theymos on October 15, 2014, 07:24:02 PM

Quote from: peligro on October 15, 2014, 07:21:14 PM

Btw, POODLE? Quite a letdown, after cool names like Heartbleed and Shellshock.

Yeah, it's a terrible name. The vulnerability isn't nearly as bad as Heartbleed or Shellshock, though.

It is an acronym it stands for "Padding Oracle On Downgraded Legacy Encription"

The vulnerability was discovered by Google, so most likely they came up with DOODLE acronym first and then worked their way back to generate a plausible-sounding full form Tongue

Vortex20000

hero member

Activity: 504

Merit: 500

sucker got hacked and screwed --Toad

Quote from: Beastlymac on October 16, 2014, 03:03:51 AM

Quote from: theymos on October 15, 2014, 07:24:02 PM

Quote from: peligro on October 15, 2014, 07:21:14 PM

Btw, POODLE? Quite a letdown, after cool names like Heartbleed and Shellshock.

Yeah, it's a terrible name. The vulnerability isn't nearly as bad as Heartbleed or Shellshock, though.

It is an acronym it stands for "Padding Oracle On Downgraded Legacy Encription"

Oh. Thank you for the clarification and explanation Roll Eyes

Beastlymac

hero member

Activity: 630

Merit: 501

Miner Setup And Reviews. WASP Rep.

Quote from: theymos on October 15, 2014, 07:24:02 PM

Quote from: peligro on October 15, 2014, 07:21:14 PM

Btw, POODLE? Quite a letdown, after cool names like Heartbleed and Shellshock.

Yeah, it's a terrible name. The vulnerability isn't nearly as bad as Heartbleed or Shellshock, though.

It is an acronym it stands for "Padding Oracle On Downgraded Legacy Encription"

dserrano5

legendary

Activity: 1974

Merit: 1029

Thank you theymos. Password changed—again Tongue

.

goozman96

hero member

Activity: 728

Merit: 500

It seems never ending. Every other month some new vulnerability is discovered. This sucks

ranochigo

legendary

Activity: 3038

Merit: 4418

Crypto Swap Exchange

If you used a WIFI that is unsecured or using WEP or vulnerable WPS encryption, you should change your password. Attacks may have been executed on the network, so your accounts may be compromised.

Vortex20000

hero member

Activity: 504

Merit: 500

sucker got hacked and screwed --Toad

I've logged in through Cyberghost, but they have decent reviews so I'm not changing PW. Wink

elitenoob

hero member

Activity: 728

Merit: 500

Thanks for the info...hate to change pwd's but it's (almost) never too late

Topic: POODLE vulnerability (Read 2439 times)