Welcome to Inkbunny...
Allowed ratings
To view member-only content, create an account. ( Hide )
Inkbunny

SSL v3 disabled; IE 6 users, please upgrade!

Due to a new attack, Inkbunny has removed support for an old protocol used for secure connections.

Like SHA-1, which we discontinued last week, this protocol has been obsolete for a while now and was primarily used by Internet Explorer 6 on Windows XP. If you're one of the three people who were using it to access Inkbunny, you'll need to change your web browser or upgrade your operating system.

If you're reading this, chances are you don't need to do anything. Modern browsers use TLS by default, so you won't be blocked from using Inkbunny. Chrome and Firefox will soon disable SSL support to protect you when browsing other sites, while Opera has it disabled by default in the latest version.

To protect yourself on other sites, until they or your browsers update: IE - Firefox and Chrome

The above issue is nothing to do with recent DDoS attacks on many furry sites, including Inkbunny.

In brighter news, we recently welcomed our 250,000th member and 550,000th submission!
Viewed: 999 times
Added: 3 years, 6 months ago
Site News Item: yes
 
Tycloud
3 years, 6 months ago
Yay! The butts are safe! :3
Eyes
3 years, 6 months ago
+1 pancake for the truth, that is most of what is on here
Zapthechu
3 years, 6 months ago
Is Opera safe?
Inkbunny
3 years, 6 months ago
The latest version of Opera appears to have disabled SSL v3 by default. You can check this in Tools/Preferences.../Advanced/Security/Security Protocols...
(There is no need to disable the ciphers in the "Details" list, even if they are marked SSL3.)
Zapthechu
3 years, 6 months ago
Alright, thanks a lot for the info.
rautamiekka
3 years, 6 months ago
Wow, I thought SSLv3 would be safe, but guess I was wrong. Shoulda read about it myself, but better late than never. Well, it's not late even now, cuz I never had any issues and nobody complained,
GreenReaper
3 years, 6 months ago
Nothing is safe forever. That's why upgrades are necessary. This attack has only just been announced, though, and it would require technical sophistication to exploit, so I wouldn't worry too much.
rautamiekka
3 years, 6 months ago
That's what I thought too.
DefenderBunny
3 years, 6 months ago
I have windows 8 is that good?
GreenReaper
3 years, 6 months ago
Yes; 8, 7, Vista is all fine. XP will work, too, but you need another browser.
DefenderBunny
3 years, 6 months ago
what do I need?
GreenReaper
3 years, 6 months ago
If you have Windows 8; the browser that comes with it is fine. You might try Chrome or Firefox instead, but it is not necessary to address this particular problem.
DefenderBunny
3 years, 6 months ago
ok thank you so much for the info^^
whitepawrolls
3 years, 6 months ago
Don't forget windows 10. The preview edition is out now :p
GreenReaper
3 years, 6 months ago
I know! I have it on my test laptop. But we're not getting hits from it, at least as far as I can tell. Maybe two. There's one from Windows 98 in there, too.
whitepawrolls
3 years, 6 months ago
Should I break out my win 3.11 virtual machine to give your counter a hickup? :p
Danjen
3 years, 6 months ago
Was the "3 people" sarcastic, or do you actually have stats to back that up? Just curious, ha
GreenReaper
3 years, 6 months ago
That's the literal number of people who used IE 6 yesterday on Inkbunny.

For comparison, the top ten browser versions:
Chrome 37: 5312
Firefox 32: 4876
Chrome 38: 1880
Internet Explorer 11: 1121
Android Browser: 713
Chrome Mobile 38.0: 614
Mobile Safari 8: 404
Mobile Safari 7: 378
Opera 24: 218
Chrome 36: 201
FerretWilliams
3 years, 6 months ago
I was wondering as well, heh.
I had a feeling it was based on actual stats, considering how well IB keeps up with the server stuff.
GreenReaper
3 years, 6 months ago
We know a lot about our visitors! But we keep it to ourselves, for the most part. No need to let Google know who's going where.
NemoTVChampion
3 years, 6 months ago
What about Safari?
GreenReaper
3 years, 6 months ago
Safari has supported TLS for years (even 6.x has TLS 1.0); I'm not sure if you can disable SSL on it.

IE users should go to Tools/Internet Options/Advanced/Security Options/Untick "Use SSL 3.0".
NemoTVChampion
3 years, 6 months ago
(sorry I'm just a bit confused with this terminology)

So.. is my browser 'safe' then?  From what I think I understand.
GreenReaper
3 years, 6 months ago
If you are using your browser in a trusted location, there should be no problem.

If you're out at some random cafe, there is the teensiest chance that the owner could read your login token from other websites. But almost certainly not; there's no exploit for this yet.

Using Inkbunny should be safe from any location, with the caveat that if you are using a computer you don't own, all bets are off. That's always the case.
Zippo
3 years, 6 months ago
I install OS's for a living and thats one of the first things I do is uncheck those options before the machine hits the internet, my own machine included. Seems some anti-furry is raging with DOS attacks, the 'neer has not updated the site in years so bound to happen.
LordShara
3 years, 6 months ago
Are there similar dangers to using Firefox 19.0.2?

EDIT:  Nvm, found the checkbox, unchecked it.  I hope my browser doesn't fuck up elsewhere as a result.  

Thanks for the heads-up, by the way.  :)
Gelyvin
3 years, 6 months ago
umm is the latest version of Firefox ok ?
GreenReaper
3 years, 6 months ago
Yes, but you can improve your security on other websites by loading "about:config" in your URL bar, searching for "security.tls.version.min", double-clicking it and setting it to 1 (the default is 0).

Chrome users can add "--ssl-version-min=tls1" on the command line to do the same thing.
Gelyvin
3 years, 6 months ago
ok thx for the tip ^^
Kamashari
3 years, 6 months ago
What's this Internet Explorer thing I keep hearing about? Isn't that a ride at Disney Land or something? Gosh, I should leave my house more often! :V
GreenReaper
3 years, 6 months ago
It really would be a cool ride - and then you could go surfing the World Wide Web!
Kamashari
3 years, 6 months ago
Well, I hope it doesn't break down, crash, burn, have problems getting back up, flies off the rails whenever it feels like, and ends up with people screaming in fear not to ride it. Who knows, maybe it'll be as fun as the other rides that do the exact same thing, but let you spin the seats!
AishaLove
3 years, 6 months ago
Or turns you into a Freakzoid
Kamashari
3 years, 6 months ago
That too.
eliteshyguy
3 years, 6 months ago
what if somebody lets say has a Zune hd and is using ie6?
GreenReaper
3 years, 6 months ago
They may be out of luck, though IE 6 Mobile does not necessarily equal IE 6.
This page gives some hope, as it mentions TLS for Windows Mobile 5+.

Microsoft discontinued the Zune three years ago, so I wouldn't bet on any updates.
eliteshyguy
3 years, 6 months ago
well that person may or may not tried to upgrade 2 IE 9
AlexCoon
3 years, 6 months ago
what about Maxthon users like me? :(
BinaryHedgehog
3 years, 6 months ago
As long you don't use SSL 3.3 and instead use TLS 1.0 or 1.5 , you should be fine.
GreenReaper
3 years, 6 months ago
I just checked. There are no Maxathon users like you. You're literally the only one who hit IB today.

I suggest you ask Maxathon how to do it, or switch to a more widely-used browser.
Starkythefox
3 years, 6 months ago
I think Maxthon is disguesed as Chrome when detected, I'm also a Maxthon user when on PC :p
AlexCoon
3 years, 6 months ago
what do you mean? is safe or not?
Starkythefox
3 years, 6 months ago
Cnn't try it here as I'm on mobile phone, Maxthon for Androin have no TLS 1.2 support but yes for TLS 1.1 and 1.0, unfortunately for SSL 3.0 too. Go to SSLlabs and click on test browser, it should tell which TLS and SSL versions supports
AlexCoon
3 years, 6 months ago
i see, that site saids
Protocols*
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 Yes
SSL 2 No

so yeah.. im vulnerable, thanks
Starkythefox
3 years, 6 months ago
Only thing then is wait for the websites to update, search in maxthon settings for that or adk in Maxthon support forums *shrugs* It wws based on chrome or chromium so thwre may be some kind of chrome://flags or similar

Can't try as I'm on mobile as Isaid
AlexCoon
3 years, 6 months ago
well, just for Opera 12 users seems like SSL 3 is disabled too
Starkythefox
3 years, 6 months ago
You could try doing the chrome solution for maxthon, maybe it works, try testing again with that
AlexCoon
3 years, 6 months ago
i dont know how do that
Starkythefox
3 years, 6 months ago
Right-click the desktop shortcut for Maxthon, Properties and add --ssl-version-min=tls1at the end of Target textbox after the "C:/Blabla/Maxthon.exe"
AlexCoon
3 years, 6 months ago
Thanks but i unistall it already xD
im now using Opera last version n_n
AlexCoon
3 years, 6 months ago
now im dizzy @_@
i read here Opera disabled by default but SSL Labs still saids im vulnerable Dx
GreenReaper
3 years, 6 months ago
AlexCoon
3 years, 6 months ago
i do, but i really dont know why still saids that.. anyways

Edit: seems the only way for fix that even in Opera last version is the same Chrome solution
Thanks guys
AlexCoon
3 years, 6 months ago
damn... seems is time for back to Opera again, i never like Chrome, and Maxthon was good but i dont know how disable SSL there
BinaryHedgehog
3 years, 6 months ago
Quick! Everyone draw poodles DDoSing the site!
KNIFE
3 years, 6 months ago
I use Netscape...am I safe? ;D
LordShara
3 years, 6 months ago
I don't know if this is a problem or not, but I found this tidbit of information on one of the sites dealing with this new attack.  I'll post the link below the quote:

"Worryingly, “prospective attackers can force a server to default back to SSL 3.0 for the sake of the exploit.”"

Here's the link to the article:  http://www.welivesecurity.com/2014/10/15/poodle-attack...
GreenReaper
3 years, 6 months ago
That is why we disabled it at the server. It can't be downgraded to if it's not supported.
If an attacker tries to force SSL anyway, the user's request will never get past "connecting".
LordShara
3 years, 6 months ago
Cool.  I wasn't sure if it could force it after it had been disabled or not.  Not really a techie and all that.  

Thank you.  :)
AlexCoon
3 years, 6 months ago
By the way, i forget ask this before.. what about browsers in cellphones? like Opera mini? D:
GreenReaper
3 years, 6 months ago
It depends. In some cases the page is rendered at a distant server, in which case it depends on what they're using - probably something up-to-date. In others, it is rendered locally, and depends on what they had when they built it. If you're using something made in the last three years, it's probably fine.
AlexCoon
3 years, 6 months ago
well, i just go to www.poodletest.com and seems im not vulnerable in opera mini n_n
SilentHunter
3 years, 6 months ago
Sometimes I use jumanji browser, and sometimes I use links browser. Does anyone know if those are safe?
SilentHunter
3 years, 6 months ago
Also, what about Arachne? http://www.glennmcc.org/
wtfbomb153
3 years, 6 months ago
I'm not sure if anyone in their right mind would use IE6.. x3
Candyscream
3 years, 6 months ago
If I have a request or suggestion for future changes or additions to the sites functionality, what is the apropriate way to communicate it? Do you care about such requests at all?
GreenReaper
3 years, 6 months ago
The best method is to submit a support ticket. We have limited development bandwidth, but we will consider all suggestions.
Candyscream
3 years, 6 months ago
Okay thank you. I thought about it, but I didn't want to spam the ticket system with something like this ^^
New Comment:
Move reply box to top
Log in or create an account to comment.