• Menu
  • Skip to right header navigation
  • Skip to main content
  • Skip to secondary navigation
  • Skip to primary sidebar
  • Skip to footer

Before Header

  • Facebook
  • LinkedIn
  • Twitter

Landon Technologies

Technology Support Services and Solutions

  • HOME
  • ABOUT
  • IT SERVICES
    • MANAGED IT
    • CYBERSECURITY
    • IT SUPPORT
    • IT CONSULTING
    • BACKUP SERVICES
  • BLOG
  • CONTACT

Mobile Menu

  • Managed IT Services
  • Cybersecurity
  • About
  • Contact
  • Facebook
  • LinkedIn
  • Twitter

Googlers find Poodle bug – what does it mean for you?

By //  by CReed

On October 14, 2014, Bodo Möller, from the Google Security Team, released a statement that he and two others at Google had discovered a vulnerability in SSL 3.0 that could allow a hacker access to an Internet user’s browsing session and personal account information online.

chrome-firefox-safari-internet-explorer-browsers-affected-by-poodle-bug

SSL stands for “Secure Sockets Layer” and its purpose is to encrypt data while users browse the Internet. SSL 3.0 is old technology. TLS (Transport Layer Security) is the newer encryption protocol.

Möller stated, “SSL 3.0 is nearly 18 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue.”

This flaw is being referred to as the POODLE (Padding Oracle on Downloaded Legacy Encryption) bug.

A New York Times article and Time magazine report that home users are not likely to be attacked. Nicole Perlroth, on the New York Times Security blog, reports “to pull off an a Poodle attack security researchers say that the victim has to be actively online and physically close to the attacker — say, using the same public Wi-Fi.”

Still, Möller and the other Googlers, are recommending shutting down SSL 3.0 altogether by taking away the option to downgrade from TLS for browsers. Google Chrome is being tested with changes that disable the fallback to SSL 3.0.

Other browsers and servers are following suit. Mozilla is expected to disable SSL 3.0 in the next version of the Firefox browser, to be released in November. Twitter has disabled support for SSL 3.0. CloudFare CEO Matthew Prince announced: “CloudFlare has disabled SSLv3 across our network by default for all customers. This will have an impact on some older browsers, resulting in an SSL connection error. The biggest impact is Internet Explorer 6 running on Windows XP or older.”

Internet Explorer 6 uses TLS, but not by default. Internet Explorer 6 users are going to have a harder time accessing sites across the Internet with web servers disabling fallback to SSL 3.0.

If you want to command your browser not to use SSL 3.0, Mozilla has a link to instructions for Firefox in their security blog: https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

For Internet Explorer, go to Internet Options on the Tools menu and click on the Advanced tab. Uncheck the box next to SSL 3.0.

To check your browser, click on https://zmap.io/sslv3/. You will either get a red warning box stating that your browser supports SSL v3 or a blue box stating, ” Good News! Your browser does not support SSLv3.”

Excluding SSL 3.0 in your browser is a step for extra security. It may not be necessary for most home users, or for those on a closed network. It is most necessary for those who use public WiFi.

 

Filed Under: SSL

Looking for immediate answers to your questions?

You May Also Be Interested In:

Making Telehealth Security Top Priority

Healthcare Providers Must Prepare for IT Disasters

Prevent Data Silos for Business Success

Tech Help for New Year’s Resolutions

Is Healthcare Compliance Good Enough?

Why Life is Easier With Managed Services

Logitech MK235 Wireless Keyboard and Mouse – Buy Now

What You Need to Know About Home Automation Services

All You Need to Know About Password Policy Best Practices

Previous Post: « How to Minimize Workplace Interruptions
Next Post: Must-Have Software for Students »

Primary Sidebar

RECENT POSTS

Making Telehealth Security Top Priority

The use of telehealth has been growing rapidly over the past …

Healthcare Providers Must Prepare for IT Disasters

Healthcare professionals regularly handle the worst. Whether its …

Prevent Data Silos for Business Success

The volume of data in the world was predicted by International …

Tech Help for New Year’s Resolutions

Making New Year’s resolutions is a familiar habit in the Western …

Is Healthcare Compliance Good Enough?

The healthcare industry is a top target for cybercriminals. …

Why Life is Easier With Managed Services

That smile of relief when we fix someone’s technology is a gift …

Logitech MK235 Wireless Keyboard and Mouse – Buy Now

Landon Technologies, Inc is a participant in the Amazon …

What You Need to Know About Home Automation Services

Looking for Home Automation Services? Fifteen years ago, smart …

All You Need to Know About Password Policy Best Practices

News of a big brand suffering a data breach is all too common …

Will Office 2010 Still Work After 2020 and Beyond?

The question: Will Office 2010 still work after 2020? It may …

Here Are The Best Technology Solutions for Small Business in 2021

For many of us, 2021 can’t come soon enough, and we're hoping …

Why Does a Managed IT Support Company Beat a Break-Fix Approach?

Computers break at challenging times. Always. Your employees …

What To Know About Having a Small Business Cyber Security Plan

Cybersecurity attacks on big-name brands or governments are …

Best Benefits of Windows Virtual Desktop for Businesses

The days of doing all our work in the office are gone for most …

Get Your IT Ready for Holiday Shopping

Holiday shopping will have a new look this year. Many retailers …

Keep Your Firmware Safe and Secure

Most of us can differentiate between hardware and software. But …

Facing the Five Top Cloud Computing Fears

The public cloud service market is growing. Software, …

3 Things Your IT Support Partner Wishes You Did

Want to get in the good books of your IT support team? It’s …

What is the Cloud?

You may have come across people talking about ‘cloud’ storage …

Want to Be Anonymous Online? Incognito v. VPN

Maybe you want to be a little mysterious, but more likely you …

Footer

Follow Us

  • Facebook
  • LinkedIn
  • Twitter

Call Us: (888) 596-3998
Hours: Mon-Fri 8am-6pm

Our Services

  • Managed IT Services
  • CyberSecurity Consulting
  • IT Support Services
  • Network Installations
  • Network Support

Areas We Service

  • California
  • Florida
  • Georgia
  • New York
  • Texas
  • Privacy Policy
  • Terms and Conditions
  • Make a Payment
  • Blog
  • Sitemap

Site Footer

· Copyright © 2005-2020 · Landon Technologies, Inc. ·
»
«