Toggle Sidebar
Recent updates
  • Post is under moderation
    olli featured the blog post, Attack of the POODLEs

    Attack of the POODLEs

    Posted in Security on Tuesday, 04 November 2014

    Three weeks ago a group of researchers from Google announced an attack against the SSL v3 protocol (the ancestor of the TLS 1.x protocol) called POODLE (a stylish abbreviation of "Padding Oracle On Downgraded Legacy Encryption"). This attack is similar to the BEAST attack that was revealed a few years ago, and one of the researchers that found the POODLE attack was part of the team that found BEAST.POODLE is able to quickly discover the content of a HTTPS request, such as a session cookie, but only if the connection is using the SSL v3 protocol, a version of SSL/TLS that became obsolete with the introduction of TLS 1.0 in 1999. As almost all (>99%) secure web servers now support at least TLS 1.0 (which is not vulnerable to the attack, provided the server is correctly implemented), it might sound like this attack is not very useful. Unfortunately, that is not so.Because there are a lot of badly implemented SSL and TLS servers, if a modern browser tries to connect to a server and the server breaks the connection because it doesn't "like" how modern the client is, the browser will try again using an older version of the SSL/TLS protocol which the server might like better. If "necessary", the browser will (currently) go all the way back to SSL v3. This process is called version rollback, and is considered a security vulnerability (but one that is intentionally built into the browser). This means that, if the client can be tricked, for example by an attacker preventing the clients attempts to use TLS 1.0 or higher from reaching the server, into negotiating SSL v3 instead, then the client's connection can be attacked using the POODLE attack. ...

    Stream item published successfully. Item will now be visible on your stream.
  • Post is under moderation
    olli joined the group Vivaldi Users Group
    Stream item published successfully. Item will now be visible on your stream.
  • Post is under moderation

    How to migrate your My Opera Blog to Vivaldi

    Posted in Vivaldi on Tuesday, 28 January 2014

    Hi everyone,...

    Stream item published successfully. Item will now be visible on your stream.
  • Post is under moderation
    olli featured the blog post, Upgrade / Maintenance

    Upgrade / Maintenance

    Posted in Uncategorized on Monday, 27 January 2014

    Hi Vivaldies! Thank you for signing up with Vivaldi.net! It has been about a month since we launched Vivaldi. We are happy to see the community growing and great feedbacks we have gotten so far We thought some of you may be interested in what's happening behind the scene. So, this would be a place for us to share information about updates we are making to Vivaldi.net At 0:00 UTC January 28th, we are upgrading Vivaldi.net. So, we will have to take the site down for 30 min or so while upgrading it. This upgrade fixes number of issues being reported by many of you. I will post a changelog tomorrow. Thanks again for helping us to improve Vivaldi.net Cheers,

    Stream item published successfully. Item will now be visible on your stream.
  • Post is under moderation
    Stream item published successfully. Item will now be visible on your stream.
Go to top

Don't have an account?

Register now to join the community!