Welcome to Inkbunny...
Allowed ratings
To view member-only content, create an account. ( Hide )
Inkbunny

SSL v3 disabled; IE 6 users, please upgrade!

Due to a new attack, Inkbunny has removed support for an old protocol used for secure connections.

Like SHA-1, which we discontinued last week, this protocol has been obsolete for a while now and was primarily used by Internet Explorer 6 on Windows XP. If you're one of the three people who were using it to access Inkbunny, you'll need to change your web browser or upgrade your operating system.

If you're reading this, chances are you don't need to do anything. Modern browsers use TLS by default, so you won't be blocked from using Inkbunny. Chrome and Firefox will soon disable SSL support to protect you when browsing other sites, while Opera has it disabled by default in the latest version.

To protect yourself on other sites, until they or your browsers update: IE - Firefox and Chrome

The above issue is nothing to do with recent DDoS attacks on many furry sites, including Inkbunny.

In brighter news, we recently welcomed our 250,000th member and 550,000th submission!
Viewed: 1,015 times
Added: 7 years, 1 month ago
Site News Item: yes
 
Tycloud
7 years, 1 month ago
Yay! The butts are safe! :3
Eyes
7 years, 1 month ago
+1 pancake for the truth, that is most of what is on here
Zapthechu
7 years, 1 month ago
Is Opera safe?
Inkbunny
7 years, 1 month ago
The latest version of Opera appears to have disabled SSL v3 by default. You can check this in Tools/Preferences.../Advanced/Security/Security Protocols...
(There is no need to disable the ciphers in the "Details" list, even if they are marked SSL3.)
Zapthechu
7 years, 1 month ago
Alright, thanks a lot for the info.
rautamiekka
7 years, 1 month ago
Wow, I thought SSLv3 would be safe, but guess I was wrong. Shoulda read about it myself, but better late than never. Well, it's not late even now, cuz I never had any issues and nobody complained,
GreenReaper
7 years, 1 month ago
Nothing is safe forever. That's why upgrades are necessary. This attack has only just been announced, though, and it would require technical sophistication to exploit, so I wouldn't worry too much.
rautamiekka
7 years, 1 month ago
That's what I thought too.
DefenderBunny
7 years, 1 month ago
I have windows 8 is that good?
GreenReaper
7 years, 1 month ago
Yes; 8, 7, Vista is all fine. XP will work, too, but you need another browser.
DefenderBunny
7 years, 1 month ago
what do I need?
GreenReaper
7 years, 1 month ago
If you have Windows 8; the browser that comes with it is fine. You might try Chrome or Firefox instead, but it is not necessary to address this particular problem.
DefenderBunny
7 years, 1 month ago
ok thank you so much for the info^^
whitepawrolls
7 years, 1 month ago
Don't forget windows 10. The preview edition is out now :p
GreenReaper
7 years, 1 month ago
I know! I have it on my test laptop. But we're not getting hits from it, at least as far as I can tell. Maybe two. There's one from Windows 98 in there, too.
whitepawrolls
7 years, 1 month ago
Should I break out my win 3.11 virtual machine to give your counter a hickup? :p
Danjen
7 years, 1 month ago
Was the "3 people" sarcastic, or do you actually have stats to back that up? Just curious, ha
GreenReaper
7 years, 1 month ago
That's the literal number of people who used IE 6 yesterday on Inkbunny.

For comparison, the top ten browser versions:
Chrome 37: 5312
Firefox 32: 4876
Chrome 38: 1880
Internet Explorer 11: 1121
Android Browser: 713
Chrome Mobile 38.0: 614
Mobile Safari 8: 404
Mobile Safari 7: 378
Opera 24: 218
Chrome 36: 201
FerretWilliams
7 years, 1 month ago
I was wondering as well, heh.
I had a feeling it was based on actual stats, considering how well IB keeps up with the server stuff.
GreenReaper
7 years, 1 month ago
We know a lot about our visitors! But we keep it to ourselves, for the most part. No need to let Google know who's going where.
NemoTVChampion
7 years, 1 month ago
What about Safari?
GreenReaper
7 years, 1 month ago
Safari has supported TLS for years (even 6.x has TLS 1.0); I'm not sure if you can disable SSL on it.

IE users should go to Tools/Internet Options/Advanced/Security Options/Untick "Use SSL 3.0".
NemoTVChampion
7 years, 1 month ago
(sorry I'm just a bit confused with this terminology)

So.. is my browser 'safe' then?  From what I think I understand.
GreenReaper
7 years, 1 month ago
If you are using your browser in a trusted location, there should be no problem.

If you're out at some random cafe, there is the teensiest chance that the owner could read your login token from other websites. But almost certainly not; there's no exploit for this yet.

Using Inkbunny should be safe from any location, with the caveat that if you are using a computer you don't own, all bets are off. That's always the case.
Zippo
7 years, 1 month ago
I install OS's for a living and thats one of the first things I do is uncheck those options before the machine hits the internet, my own machine included. Seems some anti-furry is raging with DOS attacks, the 'neer has not updated the site in years so bound to happen.
AphroditeDraco
7 years, 1 month ago
Are there similar dangers to using Firefox 19.0.2?

EDIT:  Nvm, found the checkbox, unchecked it.  I hope my browser doesn't fuck up elsewhere as a result.  

Thanks for the heads-up, by the way.  :)
Gelyvin
7 years, 1 month ago
umm is the latest version of Firefox ok ?
GreenReaper
7 years, 1 month ago
Yes, but you can improve your security on other websites by loading "about:config" in your URL bar, searching for "security.tls.version.min", double-clicking it and setting it to 1 (the default is 0).

Chrome users can add "--ssl-version-min=tls1" on the command line to do the same thing.
Gelyvin
7 years, 1 month ago
ok thx for the tip ^^
Kamashari
7 years, 1 month ago
What's this Internet Explorer thing I keep hearing about? Isn't that a ride at Disney Land or something? Gosh, I should leave my house more often! :V
GreenReaper
7 years, 1 month ago
It really would be a cool ride - and then you could go surfing the World Wide Web!
Kamashari
7 years, 1 month ago
Well, I hope it doesn't break down, crash, burn, have problems getting back up, flies off the rails whenever it feels like, and ends up with people screaming in fear not to ride it. Who knows, maybe it'll be as fun as the other rides that do the exact same thing, but let you spin the seats!
AishaLove
7 years, 1 month ago
Or turns you into a Freakzoid
Kamashari
7 years, 1 month ago
That too.
eliteshyguy
7 years, 1 month ago
what if somebody lets say has a Zune hd and is using ie6?
GreenReaper
7 years, 1 month ago
They may be out of luck, though IE 6 Mobile does not necessarily equal IE 6.
This page gives some hope, as it mentions TLS for Windows Mobile 5+.

Microsoft discontinued the Zune three years ago, so I wouldn't bet on any updates.
eliteshyguy
7 years, 1 month ago
well that person may or may not tried to upgrade 2 IE 9
mairusu
7 years, 1 month ago
what about Maxthon users like me? :(
BinaryHedgehog
7 years, 1 month ago
As long you don't use SSL 3.3 and instead use TLS 1.0 or 1.5 , you should be fine.
GreenReaper
7 years, 1 month ago
I just checked. There are no Maxathon users like you. You're literally the only one who hit IB today.

I suggest you ask Maxathon how to do it, or switch to a more widely-used browser.
Starkythefox
7 years, 1 month ago
I think Maxthon is disguesed as Chrome when detected, I'm also a Maxthon user when on PC :p
mairusu
7 years, 1 month ago
what do you mean? is safe or not?
Starkythefox
7 years, 1 month ago
Cnn't try it here as I'm on mobile phone, Maxthon for Androin have no TLS 1.2 support but yes for TLS 1.1 and 1.0, unfortunately for SSL 3.0 too. Go to SSLlabs and click on test browser, it should tell which TLS and SSL versions supports
mairusu
7 years, 1 month ago
i see, that site saids
Protocols*
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 Yes
SSL 2 No

so yeah.. im vulnerable, thanks
Starkythefox
7 years, 1 month ago
Only thing then is wait for the websites to update, search in maxthon settings for that or adk in Maxthon support forums *shrugs* It wws based on chrome or chromium so thwre may be some kind of chrome://flags or similar

Can't try as I'm on mobile as Isaid
mairusu
7 years, 1 month ago
well, just for Opera 12 users seems like SSL 3 is disabled too
Starkythefox
7 years, 1 month ago
You could try doing the chrome solution for maxthon, maybe it works, try testing again with that
mairusu
7 years, 1 month ago
i dont know how do that
Starkythefox
7 years, 1 month ago
Right-click the desktop shortcut for Maxthon, Properties and add --ssl-version-min=tls1at the end of Target textbox after the "C:/Blabla/Maxthon.exe"
mairusu
7 years, 1 month ago
Thanks but i unistall it already xD
im now using Opera last version n_n
mairusu
7 years, 1 month ago
now im dizzy @_@
i read here Opera disabled by default but SSL Labs still saids im vulnerable Dx
GreenReaper
7 years, 1 month ago
mairusu
7 years, 1 month ago
i do, but i really dont know why still saids that.. anyways

Edit: seems the only way for fix that even in Opera last version is the same Chrome solution
Thanks guys
mairusu
7 years, 1 month ago
damn... seems is time for back to Opera again, i never like Chrome, and Maxthon was good but i dont know how disable SSL there
BinaryHedgehog
7 years, 1 month ago
Quick! Everyone draw poodles DDoSing the site!
KNIFE
7 years, 1 month ago
I use Netscape...am I safe? ;D
AphroditeDraco
7 years, 1 month ago
I don't know if this is a problem or not, but I found this tidbit of information on one of the sites dealing with this new attack.  I'll post the link below the quote:

"Worryingly, “prospective attackers can force a server to default back to SSL 3.0 for the sake of the exploit.”"

Here's the link to the article:  http://www.welivesecurity.com/2014/10/15/poodle-attack...
GreenReaper
7 years, 1 month ago
That is why we disabled it at the server. It can't be downgraded to if it's not supported.
If an attacker tries to force SSL anyway, the user's request will never get past "connecting".
AphroditeDraco
7 years, 1 month ago
Cool.  I wasn't sure if it could force it after it had been disabled or not.  Not really a techie and all that.  

Thank you.  :)
mairusu
7 years, 1 month ago
By the way, i forget ask this before.. what about browsers in cellphones? like Opera mini? D:
GreenReaper
7 years, 1 month ago
It depends. In some cases the page is rendered at a distant server, in which case it depends on what they're using - probably something up-to-date. In others, it is rendered locally, and depends on what they had when they built it. If you're using something made in the last three years, it's probably fine.
mairusu
7 years, 1 month ago
well, i just go to www.poodletest.com and seems im not vulnerable in opera mini n_n
SilentHunter
7 years, 1 month ago
Sometimes I use jumanji browser, and sometimes I use links browser. Does anyone know if those are safe?
SilentHunter
7 years, 1 month ago
Also, what about Arachne? http://www.glennmcc.org/
wtfbomb153
7 years, 1 month ago
I'm not sure if anyone in their right mind would use IE6.. x3
Candyscream
7 years, 1 month ago
If I have a request or suggestion for future changes or additions to the sites functionality, what is the apropriate way to communicate it? Do you care about such requests at all?
GreenReaper
7 years, 1 month ago
The best method is to submit a support ticket. We have limited development bandwidth, but we will consider all suggestions.
Candyscream
7 years, 1 month ago
Okay thank you. I thought about it, but I didn't want to spam the ticket system with something like this ^^
lzrnsxx
1 month, 1 week ago
transen wien is great web platform for casual sex contacts with fine shemale in Eurpean Union
baslxx
1 month ago
sex in basel is the best web platform for casual contacts with young ladies in EU check out and enjoy
New Comment:
Move reply box to top
Log in or create an account to comment.