With just a few hours until researchers unveiled an attack they say decrypts sensitive web traffic protected by the ubiquitous secure sockets layer protocol, cryptographers described a simple way website operators can insulate themselves against the exploit. The recommendations published Friday by two-factor authentication …
All the money spent on security, and along comes a user and its not worth its salt (pun intended)
Google cant really talk, they know there targets too, nice of them to offer a solution, but security is really an ongoing war, the best advice use as much as you can and if its critical dont put it online.
As long as it doesn't affect my porn browsing I couldn't care less....
Does keeping the SSL 3.0 and unchecking the TLS 1.0 in firefox do any good, or more harm than good? I thought I read that the TLS part was the issue.
Both TLS 1.0 and SSL 3.0 are vulnerable. Only TLS 1.1 and TLS 1.2 are not, but they are supported by about 2% of web servers out there.
To protect yourself you can use different browser for sensitive sites (banking, paypall, etc.) and another for regular web browsing.
No, SSL 3.0 has exactly the same issue that TLS 1.0 has.
You can think of TLS 1.0 as SSL 3.1 if you like. They're very similar. The name changed when it went from being led entirely by Netscape to being a standards-committee process.
3DES is just fine, Michael.