Tuesday, October 28, 2014

On security: Avoid weak SSL v3

SSL v3 is a weak protocol we all use without noticing when we access anything “secure” on the web including native applications in our phones.

Applications providers should remove support for it and users/help desk personnel should update browsers. Failure to do this will add to chances to get any of your online accounts compromised.

What steps should you follow to protect yourself?
  1. Go to https://dev.ssllabs.com/ssltest/viewMyClient.html to understand if your browser is secure
  2. If you get a message like "Your user agent is vulnerable. You should disable SSL 3.” then follow the instructions from https://zmap.io/sslv3/browsers.html

No comments: