Poodle – SSLv3 Vulnerability

In the space of a month, yet another security vulnerability has been identified and announced.

Known as the ‘SSLv3 protocol vulnerability and POODLE Attack’, (aka “POODLEbleed”, referencing the the recent Heartbleed vulnerability), the SSL Man In The Middle (MITM) Information Disclosure Vulnerability (CVE-2014-3566) affects version 3.0 of SSL, which was introduced in 1996, and has since been superseded by several newer versions of its successor protocol, TLS. However, the vulnerability may still be exploited because SSL 3.0 continues to be supported by nearly every Web browser and a large number of Web servers.

When web browsers fail at connecting on a newer SSL version (i.e. TLS 1.0, 1.1, or 1.2), they may fall back to a SSL 3.0 connection. Because a network attacker can cause connection failures, including the failure of TLS 1.0/1.1/1.2 connections, they can force the use of SSL 3.0 and then exploit the poodle bug in order to decrypt secure content transmitted between a server and a browser.

All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios.

On 26 September 2014, the Shellshock vulnerability affecting many versions of Linux and Unix, was announced.

Digital Tsunami hosts the websites of listed companies and multi-national corporations (MNCs) on their private clouds or international brands and national SMEs on private clouds which are exclusive to Digital Tsunami clients.

Security is uppermost in the priorities of Digital Tsunami and sites are constantly monitored and hardware and software maintained for maximum protection.

For enquiries on advanced security for your web presence, please contact Digital Tsunami Sales or Technical Support.

Read more items related to security.

 

External References:

Online Poodle Bug Server Test
Poodlebleed.com
Red Hat Security Advisory on POODLE
Symantec
Trend Micro
US Computer Emergency Readiness Team, Alert TA14-290A

From Our Clients

Quotation Mark

The launch .. was a success. We were able to present this live on a Wireless connection during our Sydney, Australia sales conference on a location with very limited internet bandwidth. This proves the technology used .. renders light webpages which are easy to download on a browser.

Comments I've heard from our employees were all positive and reflected precisely what we were looking for: a simple but concise, clean and effective webpage.

We acknowledge the timeframe given to you was extremely short but nevertheless you have sucessfully delivered the project on schedule .. the critical success factor was communication and availability of Digital Tsunami's team.

I am very glad we were able to partner with such a professional team as yours and I am confident any other initiatives with you will be as successful.

Claudio Falcão Gomes
IT Manager
Sydney, NSW, Australia
Solvay Pharmaceuticals
Quotation Mark

Thanks to you and the Taishan production crew. Andy and the rest of the team were outstanding. Their professionalism was evident the entire time and they seemed to build a nice relationship with the factory employees, which led to a real spirit of cooperation. My sincere thanks for a job extremely well done.

Stephen Pollack
Marketing Director
Lexington, Kentucky, USA
Kaba Mas
Quotation Mark

Working with this team has been a delight and the resulting website far exceeds our expectations. All stages of the process were handled professionally, promptly and creatively. Discussions went smoothly, with flawless communication and suitable and sensible solutions whenever issues were raised. Time frames were either met or delivered early. The site was 100% accurate, indicating impressive attention to detail.

Without exception, the feedback on our site has been outstanding - clear and thoughtful layout, appropriate and interesting graphics and intuitive navigation.

Robyn Rix
Director (Vice President)
Neutral Bay, NSW, Australia
Quotation Mark

Central to the development process is Digital Tsunami’s thorough understanding of the project needs, clear and constant communication, and creative, innovative and meticulous approach to delivering solutions.

Sharon Don
General Manager, Products and Services
Sydney, NSW, Australia
Personal Broadband Australia
Quotation Mark

I have viewed all the videos and would like to commend you on the excellent quality.

I would like to thank you for the excellent editing which portrays the event as dynamic and stimulating.

Marika Janis
Executive Director, NSW Branch
Sydney, NSW, Australia
Australia China Business Council
error: We appreciate that you value our content. You are welcome to link to this page, but content is copyright protected.