Pages:
Author

Topic: POODLE vulnerability (Read 2452 times)

legendary
Activity: 1512
Merit: 1012
Still wild and free
October 19, 2014, 08:08:31 AM
#26
The POODLE vulnerability in TLS/SSL could have allowed a man-in-the-middle attacker to read encrypted forum traffic. For example, Tor exit nodes could have used this attack against anyone using Tor to access the forum. I disabled SSLv3 to prevent this attack in the future, and I logged everyone out to invalidate any possibly-compromised cookies. If you used a proxy or ISP that you don't absolutely trust to access the forum, then you should also change your password.

Most other sites are similarly affected.

I suggest that in the future, you make the "News: Due to a recently..." sentence clickable, and link to a post or an arcticle mentioning what it is all about.
It would save time for anybody that didn't see any news about that yet and who is curious at what exactly the attack/issue entails (outside of bitcointalk).
legendary
Activity: 1036
Merit: 1000
Thug for life!
October 16, 2014, 04:47:05 PM
#25
Why was the warning removed from the news section, above the breadcrumbs?
It wasn't removed. The warning about the TLS vulnerability and to change your password rotates with the notice that the new version of QT has been released, with each notice showing on every other time you load a page.
hero member
Activity: 728
Merit: 500
October 16, 2014, 04:44:53 PM
#24
Why was the warning removed from the news section, above the breadcrumbs?
staff
Activity: 3304
Merit: 4115
October 16, 2014, 03:47:30 PM
#23
Cheers for the warning, I'm due a password change anyway.
hero member
Activity: 616
Merit: 500
October 16, 2014, 02:02:27 PM
#22
After see myself logged out and see the bug warning, I thought someone stole my cookies and took my account.

Nice to see I was wrong.

Will change password anyway.
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
October 16, 2014, 09:35:55 AM
#21
Thanks theymos! Smiley

Can you please make an option to log-out from all computers except the one user using? So if we checked 'remember me', the account can be logged-out from other computer. Roll Eyes Suggestions are welcome! Smiley

   ~~MZ~~
donator
Activity: 1218
Merit: 1015
October 16, 2014, 04:26:29 AM
#20
This is the reason I was logged out from bitcointalk. Took me a few minutes to figure out my own password, the one I changed in a rush after the previous SSL bug.
I was pretty pleased to find I still had it saved. I thought I forgot to save it when I last changed it and talked to theymos about an account recovery. Maybe just a weird dream... ever have that? Sometimes dream about weird, mundane stuff like shampooing hair, then forget to take a shower in the morning because I thought I already had. -Or I'll think the dog died a year ago, then see it when I wake up... scares the bejesus out of me.

Anyway - not sure what's wrong with the name. Poodles are bad news. If it derived from BEAST attack, POODLE seems like a pretty reasonable name for a successor.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
October 16, 2014, 04:17:14 AM
#19
This is the reason I was logged out from bitcointalk. Took me a few minutes to figure out my own password, the one I changed in a rush after the previous SSL bug.

Dont get used to it, just change it again Tongue
hero member
Activity: 658
Merit: 500
October 16, 2014, 03:27:52 AM
#18
This is the reason I was logged out from bitcointalk. Took me a few minutes to figure out my own password, the one I changed in a rush after the previous SSL bug.
legendary
Activity: 2912
Merit: 1309
October 16, 2014, 02:32:10 AM
#17
maybe to add also in the "News" that all useres are automaticly logged out.
I was very surprised if I see me logged out.

Ok first I do was to go (still logged out) to meta and see in this thread that all are logged out by you..
sgk
legendary
Activity: 1470
Merit: 1002
!! HODL !!
October 16, 2014, 02:31:38 AM
#16
Btw, POODLE? Quite a letdown, after cool names like Heartbleed and Shellshock.

Yeah, it's a terrible name. The vulnerability isn't nearly as bad as Heartbleed or Shellshock, though.

It is an acronym it stands for "Padding Oracle On Downgraded Legacy Encription"

The vulnerability was discovered by Google, so most likely they came up with DOODLE acronym first and then worked their way back to generate a plausible-sounding full form Tongue
DOODLE and POODLE - D and P

Dire and Padding?

My bad! Although they both don't look much different to me Tongue
hero member
Activity: 504
Merit: 500
sucker got hacked and screwed --Toad
October 16, 2014, 02:17:24 AM
#15
Btw, POODLE? Quite a letdown, after cool names like Heartbleed and Shellshock.

Yeah, it's a terrible name. The vulnerability isn't nearly as bad as Heartbleed or Shellshock, though.

It is an acronym it stands for "Padding Oracle On Downgraded Legacy Encription"

The vulnerability was discovered by Google, so most likely they came up with DOODLE acronym first and then worked their way back to generate a plausible-sounding full form Tongue
DOODLE and POODLE - D and P

Dire and Padding?
sgk
legendary
Activity: 1470
Merit: 1002
!! HODL !!
October 16, 2014, 02:15:39 AM
#14
Btw, POODLE? Quite a letdown, after cool names like Heartbleed and Shellshock.

Yeah, it's a terrible name. The vulnerability isn't nearly as bad as Heartbleed or Shellshock, though.

It is an acronym it stands for "Padding Oracle On Downgraded Legacy Encription"

The vulnerability was discovered by Google, so most likely they came up with DOODLE acronym first and then worked their way back to generate a plausible-sounding full form Tongue
hero member
Activity: 504
Merit: 500
sucker got hacked and screwed --Toad
October 16, 2014, 02:05:34 AM
#13
Btw, POODLE? Quite a letdown, after cool names like Heartbleed and Shellshock.

Yeah, it's a terrible name. The vulnerability isn't nearly as bad as Heartbleed or Shellshock, though.

It is an acronym it stands for "Padding Oracle On Downgraded Legacy Encription"
Oh. Thank you for the clarification and explanation Roll Eyes
hero member
Activity: 630
Merit: 501
Miner Setup And Reviews. WASP Rep.
October 16, 2014, 02:03:51 AM
#12
Btw, POODLE? Quite a letdown, after cool names like Heartbleed and Shellshock.

Yeah, it's a terrible name. The vulnerability isn't nearly as bad as Heartbleed or Shellshock, though.

It is an acronym it stands for "Padding Oracle On Downgraded Legacy Encription"
legendary
Activity: 1974
Merit: 1029
October 16, 2014, 02:02:39 AM
#11
Thank you theymos. Password changed—again Tongue.
hero member
Activity: 728
Merit: 500
October 16, 2014, 12:19:08 AM
#10
It seems never ending. Every other month some new vulnerability is discovered. This sucks
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
October 15, 2014, 11:04:55 PM
#9
If you used a WIFI that is unsecured or using WEP or vulnerable WPS encryption, you should change your password. Attacks may have been executed on the network, so your accounts may be compromised.
hero member
Activity: 504
Merit: 500
sucker got hacked and screwed --Toad
October 15, 2014, 09:48:05 PM
#8
I've logged in through Cyberghost, but they have decent reviews so I'm not changing PW. Wink
hero member
Activity: 728
Merit: 500
October 15, 2014, 06:39:24 PM
#7
Thanks for the info...hate to change pwd's but it's (almost) never too late Smiley
Pages:
Jump to: