Will using Firefox v 39 as my browser protect me in the following ways?
1) after e-mailing my resume to a website that got an 'F' rating on an SSL server test program.
2) after clicking a link to do an online job application on above website.
Summary of rating of above website:
Overall Rating F
Certificate – 100 (out of 100)
Protocol Support – 50 (out of 100)
Key Exchange – 0 (out of 100)
Cipher Strength – 90 (out of 100)

Details of rating:
This server supports anonymous (insecure) suites (see below for details). Grade set to F.
This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.
The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C.
This server accepts the RC4 cipher, which is weak. Grade capped to B.
The server does not support Forward Secrecy with the reference browsers.
This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
Any advice would be greatly appreciated.
Chosen solution
Firefox will refuse to connect to sites that offer egregiously poor HTTPS connections, but even when Firefox will connect, there are good, better, and best practices.
The higher the quality of the encryption between Firefox and the website, the lower the chances that anyone would be able to read or modify what was sent and received.
When a site has an "F" rating, there is much more of a risk that someone listening in could have obtained a readable copy of the information you sent and received, as well as your password or cookies or other data needed to impersonate you on that site. The risk is highest on an open wireless network (like the public network that doesn't require a WEP/WPA key).
How much of a problem is an "F" grade really? If no one was listening when you transmitted your secrets, you haven't lost anything yet. And if Firefox didn't object to the connection, the bad grade might relate to how other browsers might connect and not how Firefox connects.
That said, the situation raises some doubts about the company that operates the site. Can they be trusted to secure the information you gave them now that they have it on their system? If companies do not seem to be paying attention to security practices, it's probably best not to give them any sensitive information.
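Added example (not part of the original thread): a small Python sketch of why a server-wide grade and one client's actual connection can differ, using the anonymous-suite, RC4 and forward-secrecy findings from the report above. The suite lists are constructed for illustration (they are not Firefox's real offer or the site's real configuration), and the "server picks its first suite the client also offers" rule is an assumed, simplified selection policy.

```python
# Added example: all lists below are constructed, not captured from any
# real browser or from the site discussed in the question.

def weaknesses(suite):
    """Flag weaknesses visible in an IANA cipher suite name."""
    kx, _, cipher = suite[len("TLS_"):].partition("_WITH_")
    found = set()
    if kx.endswith("_anon"):
        found.add("anon")       # no server authentication at all
    elif not kx.startswith(("DHE_", "ECDHE_")):
        found.add("no-fs")      # static key exchange, no forward secrecy
    if cipher.startswith("RC4_"):
        found.add("rc4")        # weak stream cipher
    return found

def negotiate(server_pref, client_offer):
    """Assumed rule: the server takes its first suite that the client offers."""
    offered = set(client_offer)
    for suite in server_pref:
        if suite in offered:
            return suite
    return None                 # no suite in common: the handshake fails

def assess(server_pref, client_offer):
    """Return (negotiated suite, sorted weakness labels) for one client."""
    suite = negotiate(server_pref, client_offer)
    if suite is None:
        return (None, [])
    return (suite, sorted(weaknesses(suite)))

# Constructed server matching the report's findings: anonymous and RC4
# suites enabled, nothing with forward secrecy.
SERVER = ["TLS_DH_anon_WITH_AES_128_CBC_SHA",
          "TLS_RSA_WITH_RC4_128_SHA",
          "TLS_RSA_WITH_AES_128_CBC_SHA"]
# Constructed clients: one that never offers anon/RC4, one that still does,
# and one that insists on forward secrecy.
CLIENT_STRICT = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
                 "TLS_RSA_WITH_AES_128_CBC_SHA"]
CLIENT_LEGACY = ["TLS_RSA_WITH_RC4_128_SHA",
                 "TLS_DH_anon_WITH_AES_128_CBC_SHA",
                 "TLS_RSA_WITH_AES_128_CBC_SHA"]
CLIENT_FS_ONLY = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]

if __name__ == "__main__":
    for name, offer in [("strict", CLIENT_STRICT), ("legacy", CLIENT_LEGACY),
                        ("fs-only", CLIENT_FS_ONLY)]:
        print(name, assess(SERVER, offer))
```

The same server yields three different outcomes: the strict client lands on an authenticated AES suite without forward secrecy, the legacy client is steered onto the anonymous suite, and the forward-secrecy-only client cannot connect at all.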
Thank you for your clear response. A job with this company isn't worth the risk, even though it sounds interesting.
I don't know how it would affect your prospects (or your karma), but you might point out this problem to them in case they aren't aware of it.
I did, and by the tone of their response, they're not changing. Too bad for them (and me too.)