Pages:
Author

Topic: POODLE vulnerability - page 2. (Read 2452 times)

administrator
Activity: 5222
Merit: 13032
October 15, 2014, 06:24:02 PM
#6
Btw, POODLE? Quite a letdown, after cool names like Heartbleed and Shellshock.

Yeah, it's a terrible name. The vulnerability isn't nearly as bad as Heartbleed or Shellshock, though.
hero member
Activity: 593
Merit: 500
1NoBanksLuJPXf8Sc831fPqjrRpkQPKkEA
October 15, 2014, 06:21:14 PM
#5
Doesn't sound too dangerous as I use only ISP directly, changed my password anyway.

Btw, POODLE? Quite a letdown, after cool names like Heartbleed and Shellshock.
administrator
Activity: 5222
Merit: 13032
October 15, 2014, 06:18:40 PM
#4
Should we consider PIA to be an untrusted proxy, or should be generally be safe with them?
So only "untrustworthy ISP" and TOR users are affected, everyone else safe? I hate changing PW's. More susceptible to forget them.

You'll have to use your own judgement on that. Do you trust that your VPN/ISP didn't use this attack against you to steal your password?

Some things to know:
- It's an active attack, so if your ISP was just recording traffic, this wouldn't help them now.
- If you didn't actually use your password to log in within the last couple of days (ie, not just logging in using "remember me"), then your ISP only could have stolen your password if they'd known about the vulnerability before it was publicly announced.
legendary
Activity: 812
Merit: 1002
October 15, 2014, 06:01:34 PM
#3
So only "untrustworthy ISP" and TOR users are affected, everyone else safe? I hate changing PW's. More susceptible to forget them.
copper member
Activity: 2996
Merit: 2374
October 15, 2014, 05:54:20 PM
#2
Should we consider PIA to be an untrusted proxy, or should be generally be safe with them?
administrator
Activity: 5222
Merit: 13032
October 15, 2014, 05:47:22 PM
#1
The POODLE vulnerability in TLS/SSL could have allowed a man-in-the-middle attacker to read encrypted forum traffic. For example, Tor exit nodes could have used this attack against anyone using Tor to access the forum. I disabled SSLv3 to prevent this attack in the future, and I logged everyone out to invalidate any possibly-compromised cookies. If you used a proxy or ISP that you don't absolutely trust to access the forum, then you should also change your password.

Most other sites are similarly affected.
Pages:
Jump to: