[ SHOWGSD-L ] We all wonder why?
- From: "Evan Ginsburg" <dmarc-noreply@xxxxxxxxxxxxx> (Redacted sender "elg440@xxxxxxx" for DMARC)
- To: Showgsd-l@xxxxxxxxxxxxx
- Date: Wed, 3 Dec 2014 20:04:39 -0500
Probably not either of those. I have wondered about that for years.
Evan
-----Original Message-----
From: edwinx <edwinx@xxxxxxxxxxx>
To: dmarc-noreply <dmarc-noreply@xxxxxxxxxxxxx>; Showgsd-l
<Showgsd-l@xxxxxxxxxxxxx>
Sent: Wed, Dec 3, 2014 10:19 am
Subject: [ SHOWGSD-L ] Re: poodle attacK
Learn something new every day! I thought Tedi married you cuz you don't eat
much! Who knew she liked the smart guys! Lol FB
Sent from Xfinity Connect Mobile App
------ Original Message ------
From: Evan Ginsburg
To: freelist
Sent: December 3, 2014 at 7:58 AM
Subject: [ SHOWGSD-L ] Re: poodle attacK
I am not a stupid man.
I hold a Bachelor of Science, and a doctorate of Law. I passed the test for
Mensa, and am even an AKC judge. I passed the notary exam, have argued
before the California Supreme Court on a number of occasions. I am admitted
to Federal Tax Court, The Court of Military Appeals, and have had over 200
jury verdicts. I have won appeals in over 30 cases before the Court of
Appeals, and have tried cases in four states. I was admitted to the Magic
Castle, and have won awards for performing on stage as a magician.
With that being said, I have no idea what Zoe is saying. I know it is
English, and I know I can use a computer, but am I the only person who can't
decipher that language.
One the other hand, do I need to know?
Evan
-----Original Message-----
From: Doc Zoe <wynsum@xxxxxxx>
To: Showgsd-l <Showgsd-l@xxxxxxxxxxxxx>
Sent: Wed, Dec 3, 2014 8:31 am
Subject: [ SHOWGSD-L ] poodle attacK
October 15, 2014 , 10:35 am
With details of the new POODLE attack on SSLv3 now public, browser vendors
are
in the process of planning how theyÂre going to address the issue in their
products in a way that doesnÂt break the Internet for millions of u
sers but still provides protection.
The attack, which was disclosed by a trio of Google security researchers on
Tuesday, allows an attacker on the same network as a victim to decrypt
sensitive
data thatÂs protected by SSLv3 encryption. It can be executed in
the background and takes advantage of the fact that when a client tries to
establish a secure connection to a server and fails, the server will attempt
to
make the connection using a different protocol, a process known a
s falling back. An attacker can force an unsuccessful connection and make
the
server use SSLv3, and then execute the attack.
Officials at Mozilla said that although Firefox only uses SSLv3 for about
0.3
percent of
transactions globally, the POODLE attack still represents a significant
threat
to users. The
company is planning to remove the vulnerable protocol from Firefox by the
endof
next month.
ÂSSLv3 will be disabled by default in Firefox 34, which will be released on
Nov
25.Â
ÂSSLv3 will be disabled by default in Firefox 34, which will be released on
Nov
25. The code to
disable it is landing today in Nightly, and will be promoted to Aurora and
Beta
in the next few
weeks. This timing is intended to allow website operators some time to
upgrade
any servers that
still rely on SSLv3, Richard Barnes of Mozilla said in a blog post.
ÂAs an additional precaution, Firefox 35 will support a generic TLS
downgrade
protection mechanism known as SCSV. If this is supported by the server, it
prevents attacks that rely on insecure fallback.Â
Google security officials said that Chrome has supported the SCSV mechanism
since February, but warned that disabling SSLv3 will cause problems for site
owners who still support the protocol.
ÂDisabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient
to
mitigate this issue, but presents significant compatibility problems, even
today. Therefore our recommended response is to support TLS_FALLBAC
K_SCSV. This is a mechanism that solves the problems caused by retrying
failed
connections and thus prevents attackers from inducing browsers to use SSL
3.0.
It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so m
ay help prevent future attacks, said Bodo Möller, one of the Google
researchers
who developed the attack.
ÂGoogle Chrome and our servers have supported TLS_FALLBACK_SCSV since
February
and thus we have good evidence that it can be used without compatibility
problems. Additionally, Google Chrome will begin testing changes toda
y that disable the fallback to SSL 3.0. This change will break some sites
and
those sites will need to be updated quickly.Â
Microsoft issued an advisory about the POODLE attack on Tuesday but didnÂt
announce any
specific plans for disabling the protocol in Windows or Internet Explorer.
IE6,
an ancient version
of the companyÂs browser, is the only major browser that doesnÂt support
anything newer than
SSLv3.
ÂThis is an industry-wide vulnerability affecting the SSL 3.0 protocol
itself
and is not specific to
the Windows operating system. All supported versions of Microsoft Windows
implement this
protocol and are affected by this vulnerability. Microsoft is not aware of
attacks that try to use
the reported vulnerability at this time. Considering the attack scenario,
this
vulnerability is not
considered high risk to customers, MicrosoftÂs advisory says.
Dr Zoe Backman
http://wynsumgsd.com
===========================================================================PO
ST is Copyrighted 2014. All material remains the property of the original
author and of GSD Communication, Inc. NO REPRODUCTIONS or FORWARDS of any
kind
are permitted without prior permission of the original author AND of the
Showgsd-l Management. ALL RIGHTS RESERVED.
Each Author is responsible for the content of his/her post. This group and
its
administrators are not responsible for the comments or opinions expressed in
any
post.
ALL PERSONS ARE ON NOTICE THAT THE FORWARDING, REPRODUCTION OR USE IN ANY
MANNER
OF ANY MATERIAL WHICH APPEARS ON SHOWGSD-L WITHOUT THE EXPRESS PERMISSION OF
ALL
PARTIES TO THE POST AND THE LIST MANAGEMENT IS EXPRESSLY FORBIDDEN, AND IS A
VIOLATION OF LAW. VIOLATORS OF THIS PROHIBITION WILL BE PROSECUTED.
For assistance, please contact the List Management at admin@xxxxxxxxxxx
VISIT OUR WEBSITE - http://showgsd.org SUBSCRIPTION:
http://showgsd.org/mail.html
NATIONAL BLOG - http://gsdnational.blogspot.com/
===========================================================================
===========================================================================POST
is Copyrighted 2014. All material remains the property of the original
author and of GSD Communication, Inc. NO REPRODUCTIONS or FORWARDS of any
kind are permitted without prior permission of the original author AND of
theShowgsd-l Management. ALL RIGHTS RESERVED.
Each Author is responsible for the content of his/her post. This group and
its administrators are not responsible for the comments or opinions
expressedin any post.
ALL PERSONS ARE ON NOTICE THAT THE FORWARDING, REPRODUCTION OR USE IN ANY
MANNER OF ANY MATERIAL WHICH APPEARS ON SHOWGSD-L WITHOUT THE EXPRESS
PERMISSION OF ALL PARTIES TO THE POST AND THE LIST MANAGEMENT IS EXPRESSLY
FORBIDDEN, AND IS A VIOLATION OF LAW. VIOLATORS OF THIS PROHIBITION WILL BE
PROSECUTED.
For assistance, please contact the List Management at admin@xxxxxxxxxxx
VISIT OUR WEBSITE - http://showgsd.org SUBSCRIPTION:
http://showgsd.org/mail.html
NATIONAL BLOG - http://gsdnational.blogspot.com/
===========================================================================
===========================================================================POST
is Copyrighted 2014. All material remains the property of the original
author and of GSD Communication, Inc. NO REPRODUCTIONS or FORWARDS of any kind
are permitted without prior permission of the original author AND of the
Showgsd-l Management. ALL RIGHTS RESERVED.
Each Author is responsible for the content of his/her post. This group and its
administrators are not responsible for the comments or opinions expressed in
any
post.
ALL PERSONS ARE ON NOTICE THAT THE FORWARDING, REPRODUCTION OR USE IN ANY
MANNER
OF ANY MATERIAL WHICH APPEARS ON SHOWGSD-L WITHOUT THE EXPRESS PERMISSION OF
ALL
PARTIES TO THE POST AND THE LIST MANAGEMENT IS EXPRESSLY FORBIDDEN, AND IS A
VIOLATION OF LAW. VIOLATORS OF THIS PROHIBITION WILL BE PROSECUTED.
For assistance, please contact the List Management at admin@xxxxxxxxxxx
VISIT OUR WEBSITE - http://showgsd.org SUBSCRIPTION:
http://showgsd.org/mail.html
NATIONAL BLOG - http://gsdnational.blogspot.com/
===========================================================================
============================================================================
POST is Copyrighted 2014. All material remains the property of the original
author and of GSD Communication, Inc. NO REPRODUCTIONS or FORWARDS of any kind
are permitted without prior permission of the original author AND of the
Showgsd-l Management. ALL RIGHTS RESERVED.
Each Author is responsible for the content of his/her post. This group and its
administrators are not responsible for the comments or opinions expressed in
any post.
ALL PERSONS ARE ON NOTICE THAT THE FORWARDING, REPRODUCTION OR USE IN ANY
MANNER OF ANY MATERIAL WHICH APPEARS ON SHOWGSD-L WITHOUT THE EXPRESS
PERMISSION OF ALL PARTIES TO THE POST AND THE LIST MANAGEMENT IS EXPRESSLY
FORBIDDEN, AND IS A VIOLATION OF LAW. VIOLATORS OF THIS PROHIBITION WILL BE
PROSECUTED.
For assistance, please contact the List Management at admin@xxxxxxxxxxx
VISIT OUR WEBSITE - http://showgsd.org SUBSCRIPTION:
http://showgsd.org/mail.html
NATIONAL BLOG - http://gsdnational.blogspot.com/
============================================================================
Other related posts:
- » [ SHOWGSD-L ] We all wonder why? - Evan Ginsburg
