Researchers have discovered a new flaw in internet security. A 15-year-old security protocol could allow unauthorised access to encrypted connections. Fortunately it's quite easy to protect against the so-called "Poodle" issue.
Users should disable SSLv3, a protocol used to encrypt data transfer between a computer and a server. The SSLv3 standard is rarely used today but is included as a fallback in most browsers and servers.
According to researchers, in a worst case scenario an attacker could take over a user's accounts on services like Google or Twitter without needing a password. However, to exploit the vulnerability the attacker has to be on the same network as the user, for example a WiFi network in a cafe.
Here's how to disable SSLv3 in the three most commonly used browsers:
Firefox: In the address bar of the browser type the command "about:config", then search for "tls" and set the value of "security.tls.version.min" to 1. In the next version of Firefox SSLv3 will be disabled by default. The free add-on SSL Version Control can also help with this issue.
Chrome: The browser needs to be told not to use SSLv3 at launch. Right-click the Chrome shortcut on the desktop or taskbar and choose "Properties" from the drop-down menu. In the box named "Target" scroll all the way to the end of the programme path specified there and type "--ssl-version-min=tls1". Click "OK" and when asked for administrator permissions click "Continue." Then restart Chrome.
Internet Explorer: On the Tools menu, click "Internet Options." In the dialogue box click the "Advanced" tab. In the Security category, uncheck "Use SSL 3.0" and check "Use TLS 1.0," "Use TLS 1.1," and "Use TLS 1.2" (if available).
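To confirm the Firefox and Chrome settings above took effect, here is an added example (not part of the original article) that checks a Firefox prefs.js file and a Chrome shortcut Target for the values described. The function names and the sample inputs are constructed for illustration; an absent Firefox setting is assumed to leave SSLv3 enabled, since the article says it is only off by default from the next release.

```python
import re

# Firefox pref values: 0 = SSL 3.0, 1 = TLS 1.0, 2 = TLS 1.1, 3 = TLS 1.2
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"security\.tls\.version\.min"\s*,\s*(\d+)\s*\)\s*;', re.M)
# The flag must be its own argument: preceded by whitespace, two dashes, "=".
FLAG_RE = re.compile(r'(?:^|\s)--ssl-version-min=([\w.]+)')
CHROME_ORDER = ["ssl3", "tls1", "tls1.1", "tls1.2"]


def firefox_min_version(prefs_text):
    """Return the effective security.tls.version.min from prefs.js text, or None."""
    matches = PREF_RE.findall(prefs_text)
    return int(matches[-1]) if matches else None  # later lines override earlier


def firefox_blocks_sslv3(prefs_text):
    # Assumption: no explicit pref means the browser default, treated as open.
    value = firefox_min_version(prefs_text)
    return value is not None and value >= 1


def chrome_blocks_sslv3(shortcut_target):
    """True if every --ssl-version-min flag in the Target is tls1 or higher."""
    values = [v.lower() for v in FLAG_RE.findall(shortcut_target)]
    if not values:
        return False  # flag missing, mistyped, or glued to the program path
    return all(v in CHROME_ORDER and CHROME_ORDER.index(v) >= 1 for v in values)


# Constructed sample inputs (not taken from a real profile or shortcut).
SAMPLE_PREFS = '''
user_pref("browser.startup.page", 3);
user_pref("security.tls.version.min", 1);
'''
GOOD_TARGET = (r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'
               r' --ssl-version-min=tls1')
BAD_TARGET = (r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'
              r' -ssl-version-min?tls1')

if __name__ == "__main__":
    print("Firefox blocks SSLv3:", firefox_blocks_sslv3(SAMPLE_PREFS))
    print("Chrome (correct flag) blocks SSLv3:", chrome_blocks_sslv3(GOOD_TARGET))
    print("Chrome (mistyped flag) blocks SSLv3:", chrome_blocks_sslv3(BAD_TARGET))
```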