[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] New SSLv3 attack: Turn off SSLv3 in your TorBrowser

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] New SSLv3 attack: Turn off SSLv3 in your TorBrowser
From: AntiTree <antitree@xxxxxxxxx>
Date: Wed, 15 Oct 2014 11:11:32 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 15 Oct 2014 11:11:45 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=1fWr6FH7Wzk8p+o49Wy183LDar8tNPU2bk3N/hmp8GE=; b=WLYmXVbRN615MU5/FlPcu8Vf4PBsQmSsfg+4AbugW8bDOKHdFK1kJVuHNtN/U49buh QP2VVGh7N1wBFbTnsogn8oB2ELkw8WdchVyFiE/O4YKUzGScGuiOS3835xN6lTsi3rLs HhM/wR+fjyTxpZlOZTt81HCpzIc93+BwD5NnwyglLd02FmXlOvu9VhYZRhg2iQ2n29kb 2FQ9XpgH1EDrBbpdXjmN/6nyXaGgHFCNG5O4BVd3t104x8XP0tUot2rZuQZt2jnMiqrU Rjtwfl7MCY/wfseF66DT+2gpT06yg64aXPZKMNLT+4uHVCaWRaIrMnNz2FKIkLoNO6KP Ky4A==
In-reply-to: <20141015143732.GA3275@xxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAKDKvuyutPgxnLJyMeznMM9Uq6ow=aKLg6=1Q6qk8y0yT2mf3Q@xxxxxxxxxxxxxx> <20141015072057.GA15352@localhost> <20141015143732.GA3275@xxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

>
> Someone somewhere (I think Mike Perry quoting AGL) mentioned today that
> we'd only be
> breaking 0.3% of the internet if we do this.
>

My fact checker 9000 looked into this[1]. the 0.3% is probably close but
here are a few stats per Zmap and Alexa

- of the top 1 Million domains, 0.02% have SSLv3 as their highest version
(verified domains)
- of the entire ipv4 space, 2.8% use SSLv3 as their highest version
(unverified certificates)

[1]. https://zmap.io/sslv3/

@
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] New SSLv3 attack: Turn off SSLv3 in your TorBrowser
  - From: isis

References:
- [tor-talk] New SSLv3 attack: Turn off SSLv3 in your TorBrowser
  - From: Nick Mathewson
- Re: [tor-talk] New SSLv3 attack: Turn off SSLv3 in your TorBrowser
  - From: Matthew Finkel
- Re: [tor-talk] New SSLv3 attack: Turn off SSLv3 in your TorBrowser
  - From: isis

Prev by Author: [tor-talk] Tor-ramdisk 20141022 released
Next by Author: Re: [tor-talk] Facebook brute forcing hidden services
Previous by thread: Re: [tor-talk] New SSLv3 attack: Turn off SSLv3 in your TorBrowser
Next by thread: Re: [tor-talk] New SSLv3 attack: Turn off SSLv3 in your TorBrowser
Index(es):
- Author
- Thread