Major flaw in outdated but widely-used SSL protocol ( POODLE )

You can apply any flags even when Chrome is launched by other software, as long as Chrome is your default browser.

Open regedit and search for 'chrome.exe" -- "%1"' without single quotation.
In my Win7, those keys are found:
HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command
HKEY_CLASSES_ROOT\ftp\shell\open\command
HKEY_CLASSES_ROOT\http\shell\open\command
HKEY_CLASSES_ROOT\https\shell\open\command
HKEY_CURRENT_USER\Software\Classes\ChromeHTML\shell\open\command
HKEY_CURRENT_USER\Software\Classes\ftp\shell\open\command
HKEY_CURRENT_USER\Software\Classes\http\shell\open\command
HKEY_CURRENT_USER\Software\Classes\https\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML\shell\open\command

Then, insert flags btwn chrome.exe" and -- "%1" just like this (be careful for space!)
...\Google\Chrome\Application\chrome.exe" --enable-strict-site-isolation --ssl-version-min=tls1 -- "%1"
Do this for every entry, push F5 and exit regedit, then see whether those flags are applied.

 

Thank you for your suggestion @142395 ! It's really useful. For now I won't be changing all those registry settings. I will just wait until Google introduces this option in the browser settings.

 

Preventing POODLE attacks on Firefox, by opening about:config & searching for "security.enable," then setting it to "security.enable_ssl3" = false works for me, on both v3.6 & v27

 

The POODLE SSLv3 Threat
The good news is that Ixquick's servers are protected against this vulnerability.
Because Ixquick does not support SSL v3, you are safe from POODLE when visiting Ixquick.com.

https://support.ixquick.com/index.php?/Knowledgebase/Article/View/1174/0/the-poodle-sslv3-threat

 

Deprecated according to Security.tls.version.* .

 

Migitated in iOS 8.1 by forcing RC4 encryption on SSLv3 connections:
https://support.apple.com/kb/HT6541

 

Just out of curiosity I checked my 3DS browser: https://en.wikipedia.org/wiki/Internet_Browser_(Nintendo_3DS)
Latest (1.7567) is vulnerable to Poodle. In fact the browser ONLY uses SSL3 and no TLS.

While that might get fixed in an update at some point, it does make me think how many browsers are going to be vulnerable for the years to come.

 

You're most welcome

 

Microsoft releases anti-POODLE Fix It
October 29, 2014
http://www.zdnet.com/microsoft-releases-anti-poodle-fix-it-7000035216/
----------------
Microsoft Security Advisory 3009008
Vulnerability in SSL 3.0 Could Allow Information Disclosure
Published: October 14, 2014 | Updated: October 29, 2014
https://technet.microsoft.com/library/security/3009008

also here:
Microsoft Security Advisory 3009008
https://www.wilderssecurity.com/threads/microsoft-security-advisory-3009008.369254/

 

From POODLE Strikes (Bites?) Again:

 

Maybe it's not limited to Kaspersky, but I once found their mobile product still had Heartbleed vulnerability long after its disclosure.

Those are reason I don't like idea of SSL scanning, because I can't put much trust on their automated certificate checking.

 

The POODLE bites again
https://www.imperialviolet.org/2014/12/08/poodleagain.html

Wilders gets the overall rating "T" from SSLLabs ("If trust issues are ignored: A")

 

See also: (This would apply to December Microsoft Security Updates)
December 2014 Internet Explorer security updates & disabling SSL 3.0 fallback
http://blogs.msdn.com/b/ie/archive/...y-updates-amp-disabling-ssl-3-0-fallback.aspx

 

I've tested various bank sites on SSL Labs within the last year or two. Most have always scored embarrassingly low. Same for shopping sites. It's sad.

 

http://www.infosecisland.com/blogview/24131-POODLE-Redux-Now-Affecting-Some-TLS-Implementations.html

 

Openwall 3.1 Released With Fixes for Shellshock, POODLE Attack
~ Note lack of excessively long article citations ~

http://threatpost.com/openwall-3-1-released-with-fixes-for-shellshock-poodle-attack/110186