Poodle – SSLv3 Vulnerability

In the space of a month, yet another security vulnerability has been identified and announced.

Known as the ‘SSLv3 protocol vulnerability and POODLE Attack’ (aka “POODLEbleed”, referencing the recent Heartbleed vulnerability), the SSL Man In The Middle (MITM) Information Disclosure Vulnerability (CVE-2014-3566) affects version 3.0 of SSL, which was introduced in 1996 and has since been superseded by several newer versions of its successor protocol, TLS. However, the vulnerability may still be exploited because SSL 3.0 continues to be supported by nearly every Web browser and a large number of Web servers.

When web browsers fail to connect using a newer protocol version (i.e. TLS 1.0, 1.1, or 1.2), they may fall back to an SSL 3.0 connection. Because a network attacker can cause connection failures, including the failure of TLS 1.0/1.1/1.2 connections, they can force the use of SSL 3.0 and then exploit the POODLE bug in order to decrypt secure content transmitted between a server and a browser.

All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios.

On 26 September 2014, the Shellshock vulnerability, affecting many versions of Linux and Unix, was announced.

Digital Tsunami hosts the websites of listed companies and multi-national corporations (MNCs) on their own private clouds, and those of international brands and national SMEs on private clouds which are exclusive to Digital Tsunami clients.

Security is uppermost in the priorities of Digital Tsunami: sites are constantly monitored, and hardware and software are maintained for maximum protection.

For enquiries on advanced security for your web presence, please contact Digital Tsunami Sales or Technical Support.
