Poodle – SSLv3 Vulnerability
October 15, 2014
In the space of a month, yet another security vulnerability has been identified and announced.
Known as the ‘SSLv3 protocol vulnerability and POODLE Attack’ (aka “POODLEbleed”, referencing the recent Heartbleed vulnerability), the SSL Man In The Middle (MITM) Information Disclosure Vulnerability (CVE-2014-3566) affects version 3.0 of SSL, which was introduced in 1996 and has since been superseded by several newer versions of its successor protocol, TLS. However, the vulnerability may still be exploited because SSL 3.0 continues to be supported by nearly every Web browser and a large number of Web servers.
When web browsers fail to connect using a newer protocol version (i.e. TLS 1.0, 1.1, or 1.2), they may fall back to an SSL 3.0 connection. Because a network attacker can cause connection failures, including the failure of TLS 1.0/1.1/1.2 connections, they can force the use of SSL 3.0 and then exploit the POODLE bug in order to decrypt secure content transmitted between a server and a browser.
All systems and applications utilizing Secure Sockets Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. The POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios.
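The exposed condition described above (a handshake that settles on SSL 3.0 with a CBC-mode cipher suite) can be checked from a captured ServerHello. The following is an added example, not part of the original post: the function names are hypothetical, the sample records are constructed, and the cipher suite IDs are the standard registry values rather than anything taken from this page.

```python
import struct

# CBC-mode suites SSL 3.0 can negotiate (standard IANA registry IDs, not from the post).
CBC_SUITES = {
    0x0009: "SSL_RSA_WITH_DES_CBC_SHA",
    0x000A: "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}
SSL3 = (3, 0)  # wire version of SSL 3.0; TLS 1.0/1.1/1.2 are (3, 1)/(3, 2)/(3, 3)


def parse_server_hello(record: bytes):
    """Return ((major, minor), cipher_suite_id) from one ServerHello record."""
    if len(record) < 5:
        raise ValueError("short record header")
    ctype, _major, _minor, rec_len = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or len(body) != rec_len or len(body) < 4 or body[0] != 0x02:
        raise ValueError("not a complete ServerHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:
        raise ValueError("truncated ServerHello")
    suite_off = 35 + hello[34]  # skip version(2), random(32), length byte, session id
    if len(hello) < suite_off + 2:
        raise ValueError("truncated ServerHello")
    version = (hello[0], hello[1])
    return version, int.from_bytes(hello[suite_off:suite_off + 2], "big")


def poodle_exposed(record: bytes) -> bool:
    """True when the server settled on SSL 3.0 with a CBC-mode cipher suite."""
    version, suite = parse_server_hello(record)
    return version == SSL3 and suite in CBC_SUITES


def build_server_hello(version, suite):
    """Constructed sample input: minimal ServerHello, zero random, empty session id."""
    hello = bytes(version) + bytes(32) + b"\x00" + suite.to_bytes(2, "big") + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + bytes(version) + len(handshake).to_bytes(2, "big") + handshake


if __name__ == "__main__":
    for ver, suite in [((3, 0), 0x000A), ((3, 0), 0x0005), ((3, 3), 0x002F)]:
        print(ver, hex(suite), poodle_exposed(build_server_hello(ver, suite)))
```

A server that still answers with version (3, 0) and one of these suites is one a forced fallback can land on; a TLS 1.x answer, or SSL 3.0 with a non-CBC suite such as 0x0005 (RC4), does not match the condition this post describes.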
On 26 September 2014, the Shellshock vulnerability, affecting many versions of Linux and Unix, was announced.
Digital Tsunami hosts the websites of listed companies and multi-national corporations (MNCs) on their private clouds, or those of international brands and national SMEs on private clouds which are exclusive to Digital Tsunami clients.
Security is uppermost in the priorities of Digital Tsunami and sites are constantly monitored and hardware and software maintained for maximum protection.
For enquiries on advanced security for your web presence, please contact Digital Tsunami Sales or Technical Support.