Poodle – SSLv3 Vulnerability

In the space of a month, yet another security vulnerability has been identified and announced.

Known as the ‘SSLv3 protocol vulnerability and POODLE Attack’, (aka “POODLEbleed”, referencing the the recent Heartbleed vulnerability), the SSL Man In The Middle (MITM) Information Disclosure Vulnerability (CVE-2014-3566) affects version 3.0 of SSL, which was introduced in 1996, and has since been superseded by several newer versions of its successor protocol, TLS. However, the vulnerability may still be exploited because SSL 3.0 continues to be supported by nearly every Web browser and a large number of Web servers.

When web browsers fail at connecting on a newer SSL version (i.e. TLS 1.0, 1.1, or 1.2), they may fall back to a SSL 3.0 connection. Because a network attacker can cause connection failures, including the failure of TLS 1.0/1.1/1.2 connections, they can force the use of SSL 3.0 and then exploit the poodle bug in order to decrypt secure content transmitted between a server and a browser.

All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios.

On 26 September 2014, the Shellshock vulnerability affecting many versions of Linux and Unix, was announced.

Digital Tsunami hosts the websites of listed companies and multi-national corporations (MNCs) on their private clouds or international brands and national SMEs on private clouds which are exclusive to Digital Tsunami clients.

Security is uppermost in the priorities of Digital Tsunami and sites are constantly monitored and hardware and software maintained for maximum protection.

For enquiries on advanced security for your web presence, please contact Digital Tsunami Sales or Technical Support.

Read more items related to security.

 

External References:

Online Poodle Bug Server Test
Poodlebleed.com
Red Hat Security Advisory on POODLE
Symantec
Trend Micro
US Computer Emergency Readiness Team, Alert TA14-290A

From Our Clients

Quotation Mark

Thank you for the development of an updated brand image for Wah Yuet in China.

While originally contracted to produce a video highlighting Wah Yuet's manufacturing capabilities, it was apparent very quickly that your understanding of our requirements, combined with your experience, were the perfect fit to create a new logo and style guidelines for the company. While relatively small in scope, you were dedicated to the success of the project and I am pleased to say that you hit the bullseye!

Stephen Pollack
Marketing Director
Lexington, Kentucky, USA
Quotation Mark

With a brief timeline to ensure we had a web presence and launch coinciding with our 10 year anniversary, Digital Tsunami delivered. On time. On budget. Great Effort!

Grant C. Duff
Head of Marketing
Sydney, NSW, Australia
Solvay Pharmaceuticals
Quotation Mark

I happily recommend Andrew and the Digital Tsunami team.

I have dealt with many web marketing and support companies over the years, and have been very impressed with Digital Tsunami's response, advice and understanding of their field. I recommend talking to Andrew about your next web project.

Steve Peereboom
Brand Manager, Australian Monitor International
Melbourne, Victoria, Australia
Hills Holdings Ltd (ASX:HIL)
Quotation Mark

For providing a reliable, fast, and well maintained hosting service for business websites, I recommend Andrew and his company Digital Tsunami. The technical support given has been above and beyond, their hosting the fastest I have experienced, and is very well maintained with no issues.

Andrew certainly bends over backwards for his new and current clients, and I can tell he genuinely cares about providing nothing short of an outstanding service.

Adam Connell
Marketing Executive
Adelaide, SA, Australia
Korvest (ASX:KOV)
Quotation Mark

Service delivery is precisely what was asked, while respecting deadlines and budget constraints. Digital Tsunami are very good value for money, particularly for quick wins without long pre-planning project phases.

Claudio Falcão Gomes
Head of IT
Pymble, NSW, Australia
Solvay Pharmaceuticals
error: We appreciate that you value our content. You are welcome to link to this page, but content is copyright protected.