搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Will using firefox v 39 as my browser protect me in the folowing ways?

  • 4 个回答
  • 3 人有此问题
  • 3 次查看
  • 最后回复者为 user961993

more options

1) after e-mailing my resume to a website that got an 'F' rating on an SSL server test program. 2) after clicking a link to do an online job application on above website.

Summary of rating of above website: Overall Rating F Certificate – 100 (out of 100) Protocol Support – 50 (out of 100) Key Exchange – 0 (out of 100) Cipher Strength – 90 (out of 100)

Details of rating: This server supports anonymous (insecure) suites (see below for details). Grade set to F. This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C. MORE INFO » The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C. MORE INFO » This server accepts the RC4 cipher, which is weak. Grade capped to B. MORE INFO » The server does not support Forward Secrecy with the reference browsers. MORE INFO » This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.

Any advice would be greatly appreciated.

1) after e-mailing my resume to a website that got an 'F' rating on an SSL server test program. 2) after clicking a link to do an online job application on above website. Summary of rating of above website: Overall Rating F Certificate – 100 (out of 100) Protocol Support – 50 (out of 100) Key Exchange – 0 (out of 100) Cipher Strength – 90 (out of 100) Details of rating: This server supports anonymous (insecure) suites (see below for details). Grade set to F. This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C. MORE INFO » The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C. MORE INFO » This server accepts the RC4 cipher, which is weak. Grade capped to B. MORE INFO » The server does not support Forward Secrecy with the reference browsers. MORE INFO » This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks. Any advice would be greatly appreciated.

被采纳的解决方案

Firefox will refuse to connect to sites that offer egregiously poor HTTPS connections, but even when Firefox will connect, there are good, better, and best practices.

The higher the quality of the encryption between Firefox and the website, the lower the chances that anyone would be able to read or modify what was sent and received.

When a site has an "F" rating, there is much more of a risk that someone listening in could have obtained a readable copy of the information you sent and received, as well as your password or cookies or other data needed to impersonate you on that site. The risk is highest on an open wireless network (like the public network that doesn't require a WEP/WPA key).

How much of a problem is a "F" grade really? If no one was listening when you transmitted your secrets, you haven't lost anything yet. And if Firefox didn't object to the connection, the bad grade might relate to how other browsers might connect and not how Firefox connects.

That said, the situation raises some doubts about the company that operates the site. Can they be trusted to secure the information you gave them now that they have it on their system? If companies do not seem to be paying attention to security practices, it's probably best not to give them any sensitive information.

定位到答案原位置 👍 1

所有回复 (4)

more options

选择的解决方案

Firefox will refuse to connect to sites that offer egregiously poor HTTPS connections, but even when Firefox will connect, there are good, better, and best practices.

The higher the quality of the encryption between Firefox and the website, the lower the chances that anyone would be able to read or modify what was sent and received.

When a site has an "F" rating, there is much more of a risk that someone listening in could have obtained a readable copy of the information you sent and received, as well as your password or cookies or other data needed to impersonate you on that site. The risk is highest on an open wireless network (like the public network that doesn't require a WEP/WPA key).

How much of a problem is a "F" grade really? If no one was listening when you transmitted your secrets, you haven't lost anything yet. And if Firefox didn't object to the connection, the bad grade might relate to how other browsers might connect and not how Firefox connects.

That said, the situation raises some doubts about the company that operates the site. Can they be trusted to secure the information you gave them now that they have it on their system? If companies do not seem to be paying attention to security practices, it's probably best not to give them any sensitive information.

more options

Thank you for your clear response. A job with this company isn't worth the risk, even though it sounds interesting.

more options

I don't know how it would affect your prospects (or your karma), but you might point out this problem to them in case they aren't aware of it.

more options

I did and by the tone of their response, they're not changing. To bad for them (and me too.)