Friday, October 31, 2014

What is the POODLE Vulnerability and How Can You Protect Yourself?

What is POODLE? It stands for “Padding Oracle On Downgraded Legacy Encryption.”
If an attacker using a Man-In-The-Middle attack can take control of a router at a public hotspot, they can force your browser to downgrade to SSL 3.0 (an older protocol) instead of using the much more modern TLS (Transport Layer Security), and then exploit a security hole in SSL to hijack your browser sessions. Since this problem is in the protocol, anything that uses SSL is affected.
As long as both the server and the client (web browser) support SSL 3.0, the attacker can force a downgrade in the protocol, so even if your browser tries to use TLS, it ends up being forced to use SSL instead. The only answer is for either side or both sides to remove support for SSL, removing the possibility of being downgraded.
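The downgrade described above, as a simplified Python model (an added example, not code from the original post). The version list, the function names and the retry-with-an-older-version behaviour are assumptions chosen to mirror the fallback browsers performed at the time. It shows that the forced fallback only ends in SSL 3.0 when both sides still have it enabled.

```python
# Added illustration: simplified model of browser protocol-version fallback.
# All names here are hypothetical; versions are ordered oldest to newest.
VERSIONS = ["SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2"]


def server_pick(offered, server_versions):
    """Server answers with the newest version it supports that is not newer than the offer."""
    limit = VERSIONS.index(offered)
    usable = [v for v in server_versions if VERSIONS.index(v) <= limit]
    return max(usable, key=VERSIONS.index) if usable else None


def connect(client_versions, server_versions, downgrader_on_path=False):
    """Return (negotiated_version, attempts); negotiated_version is None if no connection.

    The client offers its newest enabled version first and, after a failed
    handshake, retries with the next older version it still has enabled.
    """
    attempts = []
    for offered in sorted(client_versions, key=VERSIONS.index, reverse=True):
        attempts.append(offered)
        # Modelled interference: every handshake newer than SSL 3.0 is made to fail.
        if downgrader_on_path and offered != "SSL 3.0":
            continue
        chosen = server_pick(offered, server_versions)
        if chosen is not None and chosen in client_versions:
            return chosen, attempts
    return None, attempts


if __name__ == "__main__":
    no_ssl3 = VERSIONS[1:]  # what "Minimum SSL Version: TLS 1.0" leaves enabled
    cases = [
        ("both sides allow SSL 3.0, clean network", VERSIONS, VERSIONS, False),
        ("both sides allow SSL 3.0, interference", VERSIONS, VERSIONS, True),
        ("client disabled SSL 3.0, interference", no_ssl3, VERSIONS, True),
        ("server disabled SSL 3.0, interference", VERSIONS, no_ssl3, True),
    ]
    for label, client, server, hostile in cases:
        version, attempts = connect(client, server, hostile)
        print(f"{label}: {version or 'connection fails'} after {len(attempts)} attempt(s)")
```

In the two cases where one side has SSL 3.0 disabled, the connection fails outright instead of falling back, which is the intended outcome of the browser settings described below.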

How Can We Solve the Problem?

Since there’s no way to solve the problems with SSL, the only solution is for browser makers and web servers to upgrade everything to remove support for SSL and require only TLS encryption.
Most of the large web companies are removing support for SSL after this problem came to light, but it will take a while for everybody to do so. Google and Firefox have already announced that they will be removing support in the future, but for now, it is extremely easy as an end-user to disable SSL 3.0 in IE.
You can remove support for SSL from your browser using one of the methods outlined below — or if you are using Firefox or Google Chrome and aren’t using hotspots all the time, you could wait for them to update the browser. Or you can make sure that you’ve fixed the problem yourself.

Disabling SSL 3.0 in Mozilla Firefox

Start by opening your Firefox browser and navigating to the SSL Version Control download page.
When it has successfully been installed, you can enter “about:addons” into the navigation bar and select the “SSL Version Control” extension. You can click on “Options” to see the settings for the extension. Ensure that “Automatic Updates” is on and that the “Minimum SSL Version” is set to “TLS 1.0.”
After Firefox 34 has been released, you can feel free to disable the extension or uninstall it.

Disabling SSL 3.0 in Google Chrome

Simply go to your Google Chrome desktop icon, right-click on it, and then select “Properties” at the bottom of the popup menu.
In the “Properties” window you will see a text input box that says “Target.” Simply click in this box and press the “End” key on your keyboard. Next, press the “Spacebar” and copy and paste this text onto the end:
--ssl-version-min=tls1
Press “Apply,” then click “Continue” in the popup window, then press “OK.”
Now your browser will automatically refuse SSL 3.0 connections and only accept TLS 1.0 and higher. It’s worth noting that if you launch Chrome through any other shortcut on your computer, it won’t be using this flag.

Disabling SSL 3.0 in Internet Explorer

Microsoft has not yet announced when they are planning to address the SSL 3.0 issue, so it is best to disable it yourself. Open your “Start” menu and type in “Internet Options.”
Go to the “Advanced” tab and scroll down to the “Security” section until you see the SSL and TLS options, and then un-check the option for Use SSL 3.0, and enable TLS instead.
This way you can be sure that your Internet browsers are all secure from any potential POODLE attacks.

Wednesday, October 22, 2014

Vote for your fave KasasaT

It’s a win-win! Vote for your fave KasasaT at http://shout.lt/Hplb and you could win 1 of 50 free shirts. Plus, select LA Financial Credit Union on the entry form and we could win free shirts too! #DoYouKasasa?

Tuesday, October 14, 2014

Check your online presence for identity theft!

Regular checkups will alert you to any changes with your online status which may signal identity theft. Review your credit report to see if any accounts you don’t recognize were opened in your name. Check for unexplained withdrawals or charges on your credit card and bank statements. You should also make sure your important bills and statements are coming to your address, since the first step for some identity thieves is to change the mailing address for an account. By doing these simple things, you’re keeping a finger on the pulse of your finances, and that will help protect you from attempted identity theft or fraud.