Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Guides - Privacy & Security Tips
How to block the insecure RC4 cipher in Firefox and Chrome
Message
<blockquote data-quote="OneDay" data-source="post: 412514" data-attributes="member: 26923"><p><span style="font-size: 22px"><strong>How to block the insecure RC4 cipher in Firefox and Chrome</strong></span></p><p>by <a href="http://www.ghacks.net/author/martin/" target="_blank">Martin Brinkmann</a> on July 19, 2015 in <a href="http://www.ghacks.net/category/security/" target="_blank">Security</a> - Last Update: July 19, 2015<a href="http://www.ghacks.net/2015/07/19/how-to-block-the-insecure-rc4-cipher-in-firefox-and-chrome/#comments" target="_blank"> 0</a></p><p></p><p>Whenever you connect to a secure website using Firefox or any other modern browser, negotiations happen in the background that determine what is being used to encrypt the connection.</p><p></p><p>RC4 is a stream cipher that is currently supported by most browsers even though it may only be used as a fallback (if other negotiations fail) or for whitelisted sites.</p><p></p><p><a href="https://www.rc4nomore.com/" target="_blank">Exploits</a> <a href="http://www.isg.rhul.ac.uk/tls/RC4mustdie.html" target="_blank">have</a> come to light in recent time that take advantage of weaknesses in RC4 which allow attackers to run attacks in a reasonable time frame, for instance to decrypt web cookies which often contain authentication information.</p><p></p><p><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=999544#c69" target="_blank">Mozilla wanted</a> to remove RC4 from Firefox completely initially in version 38 or 39 of the browser but decided against it based on telemetry data. As it stands right now, RC4 won't be disabled in Firefox 39 or 40.</p><p></p><p><strong>Tip</strong>: you can check if your web browser is vulnerable by <a href="https://rc4.io/" target="_blank">visiting this RC4</a> website. If you see red notifications on the page after the text has been conducted it means that it is vulnerable to attacks.</p><p></p><p>It needs to be noted that other browsers, Google Chrome for instance, are vulnerable as well. Google is apparently also working on <a href="https://code.google.com/p/chromium/issues/detail?id=375342#c44" target="_blank">dropping RC4</a> support completely in Chrome</p><p></p><p></p><p>Full aricle <a href="http://www.ghacks.net/2015/07/19/how-to-block-the-insecure-rc4-cipher-in-firefox-and-chrome/" target="_blank">here</a></p></blockquote><p></p>
[QUOTE="OneDay, post: 412514, member: 26923"] [SIZE=6][B]How to block the insecure RC4 cipher in Firefox and Chrome[/B][/SIZE] by [URL='http://www.ghacks.net/author/martin/']Martin Brinkmann[/URL] on July 19, 2015 in [URL='http://www.ghacks.net/category/security/']Security[/URL] - Last Update: July 19, 2015[URL='http://www.ghacks.net/2015/07/19/how-to-block-the-insecure-rc4-cipher-in-firefox-and-chrome/#comments'] 0[/URL] Whenever you connect to a secure website using Firefox or any other modern browser, negotiations happen in the background that determine what is being used to encrypt the connection. RC4 is a stream cipher that is currently supported by most browsers even though it may only be used as a fallback (if other negotiations fail) or for whitelisted sites. [URL='https://www.rc4nomore.com/']Exploits[/URL] [URL='http://www.isg.rhul.ac.uk/tls/RC4mustdie.html']have[/URL] come to light in recent time that take advantage of weaknesses in RC4 which allow attackers to run attacks in a reasonable time frame, for instance to decrypt web cookies which often contain authentication information. [URL='https://bugzilla.mozilla.org/show_bug.cgi?id=999544#c69']Mozilla wanted[/URL] to remove RC4 from Firefox completely initially in version 38 or 39 of the browser but decided against it based on telemetry data. As it stands right now, RC4 won't be disabled in Firefox 39 or 40. [B]Tip[/B]: you can check if your web browser is vulnerable by [URL='https://rc4.io/']visiting this RC4[/URL] website. If you see red notifications on the page after the text has been conducted it means that it is vulnerable to attacks. It needs to be noted that other browsers, Google Chrome for instance, are vulnerable as well. Google is apparently also working on [URL='https://code.google.com/p/chromium/issues/detail?id=375342#c44']dropping RC4[/URL] support completely in Chrome Full aricle [URL='http://www.ghacks.net/2015/07/19/how-to-block-the-insecure-rc4-cipher-in-firefox-and-chrome/']here[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Top