Tag: poodle attack

POODLE 2.0: Here We Go Again (CVE-2014-8730)

Photo By Karin Jonsson (Flickr: Poodle) [CC-BY-2.0 via Wikimedia Commons]

Photo By Karin Jonsson (Flickr: Poodle) [CC-BY-2.0 via Wikimedia Commons

POODLE 2.0: Here We Go Again

It was just a bit more than an month ago when the POODLE vulnerability in SSLv3 was discovered and sent sysadmins around the world scrambling.

You might remember that the original POODLE vulernability affected SSLv3, an older protocol that has been largely replaced by the TLS protocol. Since SSLv3 was only available on many systems as a measure to support very old web browsers, it was no big deal to disable it and thereby remove the vulnerabilty.

But today news is spreading that some TLS implementations can be vulnerable too and that as many as 10% of all web sites maybe affected. This new vulnerability has been labeled CVE-2014-8730 and it’s much more serious that the original POODLE.

It’s time to scramble again.

Read more

POODLE Patch Post: Monitoring IIS Patches for CVE­-2014­-3566

Photo By Karin Jonsson (Flickr: Poodle) [CC-BY-2.0 via Wikimedia Commons]
Photo By Karin Jonsson (Flickr: Poodle) [CC-BY-2.0 via Wikimedia Commons
Anyone running web sites on IIS with SSL support should have already rolled out patches for CVE­-2014­-3566, the vulnerability in SSL v3 which has been labeled POODLE.

What is the POODLE Bug?

Google researchers have found a severe flaw in an obsolete but still used encryption software, which could be exploited to steal sensitive data… The POODLE attack can force a connection to “fallback” to SSL 3.0, where it is then possible to steal cookies. Computerworld

FrameFlow Server Monitor Can Verify POODLE Patch Installation

Did you know that you can use FrameFlow Server Monitor to verify that the patch has been installed on all your systems?
Read more