Login
Username:

Password:

Remember me



Lost Password?

Register now!

Sections

Who's Online
135 user(s) are online (111 user(s) are browsing Forums)

Members: 0
Guests: 135

more...

Support us!

Headlines

 
  Register To Post  

Odyssey's SSL is susceptible to the Freak attack
Home away from home
Home away from home


See User information
You can test Odyssey here:
https://freakattack.com/

Go to top
Re: Odyssey's SSL is susceptible to the Freak attack
Just can't stay away
Just can't stay away


See User information
@ChrisH
Odyssey appears to be using AmiSSL so maybe it's an AmiSSL problem. RA-OWB shows the same result at that site. NetSurf just freezes after loading the page.

Amiga X1000 with 2GB memory & OS 4.1FE + Radeon HD 5450

Go to top
Re: Odyssey's SSL is susceptible to the Freak attack
Just can't stay away
Just can't stay away


See User information
@xenic

OWB uses a statically linked libopenssl (not AmiSSL) and most likely Odyssey does too. In that case the only thing that needs to be done is to compile and re-link with a newer version of libopenssl assuming that the problem has already been fixed there.

Go to top
Re: Odyssey's SSL is susceptible to the Freak attack
Quite a regular
Quite a regular


See User information
At least TW sems to be immune.

cheers
tony
Go to top
Re: Odyssey's SSL is susceptible to the Freak attack
Amigans Defender
Amigans Defender


See User information
@xenic

Quote:
NetSurf just freezes after loading the page.


It doesn't here (using a recent dev version), but the check result doesn't display, probably because it uses Javascript.

On this page there are a couple of other links, which "if either connection succeeds, your software is vulnerable". I can't connect to either of them, so I think it's probably OK - at least in the latest dev, v3.2 might be a different story as it'll have an older OpenSSL.

Go to top
Re: Odyssey's SSL is susceptible to the Freak attack
Home away from home
Home away from home


See User information
Quote:

OWB uses a statically linked libopenssl (not AmiSSL) and most likely Odyssey does too. In that case the only thing that needs to be done is to compile and re-link with a newer version of libopenssl assuming that the problem has already been fixed there.


Salas00 right. Odyssey build use classic/standard libopenssl, which just need to be recompiled with new version (at least os4 version, i do not remember about morphos version, but imho libopenssl as well).

Anyway, imho, all those "modern" bugs, make no hurt for us in general, as most of time no one will try to hack anyone with amigaos. Even, if it all will be related to some cross-platform attacks, most of time they will fail as something will be non supported in our browser and attack will fail :) Sure, better to have all up2date, but in our case we can no worry most of time , imho.

Go to top
Re: Odyssey's SSL is susceptible to the Freak attack
Amigans Defender
Amigans Defender


See User information
@kas1e

Quote:

Anyway, imho, all those "modern" bugs, make no hurt for us in general, as most of time no one will try to hack anyone with amigaos. Even, if it all will be related to some cross-platform attacks, most of time they will fail as something will be non supported in our browser and attack will fail :) Sure, better to have all up2date, but in our case we can no worry most of time , imho.


That's a bad attitude to have to security advisories.

Quote:
On Tuesday, March 3, 2015, researchers announced a new SSL/TLS vulnerability called the FREAK attack. It allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data.


This is applicable to everybody.

Go to top
Re: Odyssey's SSL is susceptible to the Freak attack
Quite a regular
Quite a regular


See User information
@ChrisH
And freezes and crashes!

Go to top
Re: Odyssey's SSL is susceptible to the Freak attack
Quite a regular
Quite a regular


See User information
@kas1e

I'd rather someone update Odyssey with something useful like a newer WebKit, Ràdeon HD support and a focus on speed. Some sites really crawl on AmigaOS.

Although it's the best browser for AmigaOS it stills needs regular updates.

Go to top
Re: Odyssey's SSL is susceptible to the Freak attack
Home away from home
Home away from home


See User information
@djrikki Quote:
I'd rather someone update Odyssey with something useful

So you'd rather have browser speed, at the expense of your paypal/bank/email/etc account being hacked?

This is such a common flaw (it applies to majority of Windows PCs especially if using IE), that criminals will likely be targeting it (if not already) for a long time to come.

Quote:
a focus on speed. Some sites really crawl on AmigaOS.

That's certainly true, but most of the remaining speed problems can be blamed on heavy usage of JavaScript (e.g. Facebook). Sadly we may need ANOTHER bounty to get the JavaScript JIT that is being worked on for MorphOS (assuming it's developers are willing to allow an AmigaOS4 port in the first place - which I have no idea about).

OK, another speed issue is video playback, for which usage of AmigaOS4's new YUV compositing mode *might* help a lot.

Go to top

  Register To Post

 




Currently Active Users Viewing This Thread: 1 ( 0 members and 1 Anonymous Users )




Powered by XOOPS 2.0 © 2001-2024 The XOOPS Project