27 Oct Poodle vulnerability – and we are not talking dogs
No that image is not a Poodle. But, read on… SOS Support constantly delivers important security notices to our clients. We strive to be an ethical leader for IT Support in Utah. The latest headline in I.T. security since Heartbleed (which still needs addressed by anybody vulnerable) is called the POODLE vulnerability. SSL 3.0 is 18 years old but is used worldwide on older websites and some new websites. Basically, all Internet browsers support the outdated SSL 3.0 and when they attempt to connect to HTTPS (Secure) websites and the connection fails, the Internet browser will attempt using older security protocols such as SSL 3.0.
To quote the article on theGaurdian: ” Hackers can steal information using the [Poodle Vulnerability] in a relatively simple manner, but it is a ‘man-in-the-middle attack’ that requires the hacker to tap into the connection between users and servers. …Most will be safe while browsing at home, but could be vulnerable while browsing the internet using public WiFi HotSpots.” theGaurdian continues “…Poodle is the latest in a long string of bugs found in crucial components of the Internet, first brought into the spotlight by the Heartbleed bug in April, then Shellshock in September. It is similar to a few other more obscure vulnerabilities but is more practical to implement in an attack.”
You can click here to learn more about the POODLE Vulnerability from Google Community.
What you need to know:
First, see if you are vulnerable Using your browsers (if you regularly use more then one browser, test each of them). Click on the following link (or copy and paste) to test: https://www.poodletest.com/
If your browser(s) is/are POODLE Vulnerability, you will want to take measures to protect yourself. First step is to disable SSL 3.0 support in the advanced settings of your browser. Another website to test if your browser is on the zmap.io website. As well, they also post simplest directions on how to disable SSL3.0 on this website. Click Here for the link.There are additional steps that should as well be taken. If concerned, contact SOS Support, your IT service in Salt Lake City, at 801-563-9700 to request support in this matter. We strive to be a top tier provider of computer support in Utah.
If you are a client who currently has a SonicWALL with managed services enabled, there is already a signature update blocking SSL V3 already in place. Even still, if your individual portals do not use SSL 3.0, then SSL 3.0 should still be addressed and disabled.