Poodle – SSLv3 Vulnerability
October 15, 2014In the space of a month, yet another security vulnerability has been identified and announced.
Known as the ‘SSLv3 protocol vulnerability and POODLE Attack’, (aka “POODLEbleed”, referencing the the recent Heartbleed vulnerability), the SSL Man In The Middle (MITM) Information Disclosure Vulnerability (CVE-2014-3566) affects version 3.0 of SSL, which was introduced in 1996, and has since been superseded by several newer versions of its successor protocol, TLS. However, the vulnerability may still be exploited because SSL 3.0 continues to be supported by nearly every Web browser and a large number of Web servers.
When web browsers fail at connecting on a newer SSL version (i.e. TLS 1.0, 1.1, or 1.2), they may fall back to a SSL 3.0 connection. Because a network attacker can cause connection failures, including the failure of TLS 1.0/1.1/1.2 connections, they can force the use of SSL 3.0 and then exploit the poodle bug in order to decrypt secure content transmitted between a server and a browser.
All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios.
On 26 September 2014, the Shellshock vulnerability affecting many versions of Linux and Unix, was announced.
Digital Tsunami hosts the websites of listed companies and multi-national corporations (MNCs) on their private clouds or international brands and national SMEs on private clouds which are exclusive to Digital Tsunami clients.
Security is uppermost in the priorities of Digital Tsunami and sites are constantly monitored and hardware and software maintained for maximum protection.
For enquiries on advanced security for your web presence, please contact Digital Tsunami Sales or Technical Support.
Read more items related to security.
External References:
Online Poodle Bug Server Test
Poodlebleed.com
Red Hat Security Advisory on POODLE
Symantec
Trend Micro
US Computer Emergency Readiness Team, Alert TA14-290A
From Our Clients
Andrew has provided Merrell Associates with reliable service, bringing a vast wealth of knowledge in IT to the task for more than the eight years I have been working here.
We have been helped by Andrew to solve all sorts of problems and if there isn't an immediate fix, solutions are found pretty quickly.
.. accurately interpreted the project brief and the outcome was a piece of cost effective quality work.
We are all very happy with the new website and believe it captures the essence of the Group One brand.
Andrew and colleagues were able to assist at every step of the website production process, providing a sleek layout with high quality images. We would like to thank the Digital Tsunami team for an excellent job.
Once again, thanks for your promptness and partnership.
The current challenge of my job at Abbott is one of the greatest I've faced in 25 years of IT career. It's reassuring to know I can count on people like you when things go wrong.
I recently engaged Digital Tsunami to design and build my 60-page website. I'm a website copywriter who relies heavily on web-generated business, so my own online presence needs to be impeccable.
The solution that Digital Tsunami supplied is brilliant. It meets my needs perfectly; it's clean, bold, elegant, fast, and easy to edit. I've had lots of very positive feedback about it, and since launch, my request for quote rate and conversion rate have increased markedly.
The team at Digital Tsunami was incredibly responsive, delivering a solution well ahead of deadline. Their technical knowledge was exceptional, they were innovative, and they were very meticulous. What's more, they understood my business and technical requirements and translated them into a user-friendly, refined, professional site which is conceptually simple and cohesive.
I have no hesitation in recommending the website design services of Digital Tsunami to any business .. that needs a stand-out online presence.