Welcome to the JaguarPC Community
JaguarPC
Sales: (888) 338-5261
Support: (888)-551-3050
Results 1 to 3 of 3

This is a discussion on TLSv1 encryption hacked in the News and Announcements forum
according to a recent whitepaper published here : Hackers break SSL encryption used by millions of sites • The Register As mentioned : The vulnerability ...

  1. 09-20-2011, 09:42 AM #1
    JPC-Nazmy
    JPC-Nazmy is offline
    JPC Dream Team
    Join Date
    Aug 2010
    Posts
    78

    Exclamation TLSv1 encryption hacked

    according to a recent whitepaper published here :
    Hackers break SSL encryption used by millions of sites • The Register

    As mentioned :

    The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the successor to the secure sockets layer technology that serves as the internet's foundation of trust. Although versions 1.1 and 1.2 of TLS aren't susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website he's visiting.
    This is mainly a browser side hack so please open your browser(s) settings and remove the support for TLSv1.0 in encryptions/advanced tab
    Reply With Quote Reply With Quote
  2. 09-20-2011, 12:01 PM #2
    JPC-Misty
    JPC-Misty is offline
    JPC Dream Team
    Join Date
    Aug 2011
    Posts
    14
    In Chrome this is under Options>Under the Hood>HTTPS/SSL>Uncheck Use TLS 1.0.
    Reply With Quote Reply With Quote
  3. 09-28-2011, 04:08 AM #3
    JPC-Nazmy
    JPC-Nazmy is offline
    JPC Dream Team
    Join Date
    Aug 2010
    Posts
    78
    We are currently upgrading apache on all servers to overcome this security weakness in TLS and also applying more fixes to block new hackers attack techniques .

    As for this SSL attack you can follow this steps to make sure your data isn't sniffed online :

    1- Close all your browser (all open windows/tabs)

    2- Open your browser and go directly to the desired secure site without connecting to any insecure sites first.

    OR

    1- make your homepage that opens when you start your browser a secure page example https://gmail.com

    2- Put bookmarks to frequently visited secure web sites on your desktop, so when you click on them your browser is opened and you go directly to that secure page.

    3- Disable JavaScript in your browser. Alternately, configure your browser to only allow JavaScript with specific trusted secure sites.

    4- Use a VPN (virtual private network). If you connect your computer to a network you do trust (like work), this sends all your secure and insecure web connections over the VPN bypassing any ability of a malicious person in your local network from viewing or interfering with any of your web browsing.

    5- Separate your usage for secured sites on a different browser example : normal sites on Internet Explorer and secured sites on FireFox.

    Hope this cleared up the issue and any questions are welcomed .
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules