Poodle – SSLv3 Vulnerability

In the space of a month, yet another security vulnerability has been identified and announced.

Known as the ‘SSLv3 protocol vulnerability and POODLE Attack’, (aka “POODLEbleed”, referencing the the recent Heartbleed vulnerability), the SSL Man In The Middle (MITM) Information Disclosure Vulnerability (CVE-2014-3566) affects version 3.0 of SSL, which was introduced in 1996, and has since been superseded by several newer versions of its successor protocol, TLS. However, the vulnerability may still be exploited because SSL 3.0 continues to be supported by nearly every Web browser and a large number of Web servers.

When web browsers fail at connecting on a newer SSL version (i.e. TLS 1.0, 1.1, or 1.2), they may fall back to a SSL 3.0 connection. Because a network attacker can cause connection failures, including the failure of TLS 1.0/1.1/1.2 connections, they can force the use of SSL 3.0 and then exploit the poodle bug in order to decrypt secure content transmitted between a server and a browser.

All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios.

On 26 September 2014, the Shellshock vulnerability affecting many versions of Linux and Unix, was announced.

Digital Tsunami hosts the websites of listed companies and multi-national corporations (MNCs) on their private clouds or international brands and national SMEs on private clouds which are exclusive to Digital Tsunami clients.

Security is uppermost in the priorities of Digital Tsunami and sites are constantly monitored and hardware and software maintained for maximum protection.

For enquiries on advanced security for your web presence, please contact Digital Tsunami Sales or Technical Support.

Read more items related to security.

 

External References:

Online Poodle Bug Server Test
Poodlebleed.com
Red Hat Security Advisory on POODLE
Symantec
Trend Micro
US Computer Emergency Readiness Team, Alert TA14-290A

From Our Clients

Quotation Mark

We have been fortunate to work with Andrew and his creative team from the inception of our business. The design and execution of our site has been fundamental in winning over clients and establishing our footprint in a very crowded space. We also place great value on their input into our business process.

Vikram Aggarwal
CEO
Singapore
eat2eat
Quotation Mark

.. very knowledgeable, creative and patient while also pushing me to work through the many decisions such a project involves.

Corinna Sager
President
Montclair, New York, USA
Lifestyle International
Quotation Mark

(We) took a fairly substantial audit of .. sophisticated sites both technically and creatively .. Out of six prominent designers, Digital Tsunami stood out.

The quality of the images, the sophisticated management of text .. together with smooth animations makes (our) website of very high calibre.

I would personally rate this site in the top 2 percent of world wide web sites today.

Paul McCloskey
President
Dural, NSW, Australia
Laservision
Quotation Mark

Andrew W Morse and the Digital Tsunami team are world class, creative professionals in the challenging and highly competitive business of web page design and utilisation.

He understands business, he understands marketing, he understands communication and he understands design. And most importantly, his web pages pay for themselves within weeks of going online.

Laurie K. Gilbert
Director
Shah Alam, Selangor, Malaysia
Quotation Mark

Andrew was able to create an entirely new website in a short period of time and to budget. He and his team worked very well with both our Marketing and IT team.

Steve Mannion
General Manager, Sales & Marketing
Silverwater, NSW, Australia
error: We appreciate that you value our content. You are welcome to link to this page, but content is copyright protected.