Difference between revisions of "Security - Poodle"
Philip Lacey (talk | contribs) (Created page with "Poodle is the code name for a security hole discovered by Google, in a secure protocol used by computers to chat to each other. It stands for "Padding Oracle On Downgraded Le...") |
Philip Lacey (talk | contribs) |
||
| (6 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | == Overview == | ||
| + | |||
| + | |||
Poodle is the code name for a security hole discovered by Google, in a secure protocol used by computers to chat to each other. It stands for "Padding Oracle On Downgraded Legacy Encryption" | Poodle is the code name for a security hole discovered by Google, in a secure protocol used by computers to chat to each other. It stands for "Padding Oracle On Downgraded Legacy Encryption" | ||
| − | There are some very clear explanations on the issue. | + | There are some very clear explanations on the issue. |
| + | |||
| + | If you'd rather watch a video on it: http://www.youtube.com/watch?v=C8ks8WLoZto | ||
| − | |||
| + | If you'd prefer to read about it: http://www.ibtimes.co.uk/what-poodle-latest-online-security-threat-after-shellshock-heartbleed-1470300 | ||
| Line 12: | Line 17: | ||
| − | How do I fix the problem? | + | |
| + | == How can I check ? == | ||
| + | |||
| + | |||
| + | http://www.poodletest.com/ | ||
| + | |||
| + | |||
| + | if you want to test a server | ||
| + | |||
| + | |||
| + | http://www.poodlescan.com/ | ||
| + | |||
| + | |||
| + | |||
| + | == How do I fix the problem? == | ||
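Review bot: In the added "How can I check ?" section, only the second link gets an introduction ("if you want to test a server"); the first link, http://www.poodletest.com/, has no label saying what it tests. Suggest a one-line lead-in before each link, and dropping the space before the question mark in the heading.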
| Line 27: | Line 46: | ||
| − | All n One were aware of the issue on the 15th of October 2014, less than 24 hours after its discovery | + | |
| + | == Poodle and bxp software == | ||
| + | |||
| + | |||
| + | All n One were aware of the issue on the 15th of October 2014, less than 24 hours after its discovery | ||
| + | |||
| + | |||
| + | However to facilitate some client infrastructures having to change, implementation of the TLS only fix on the servers has been delayed to give clients a chance to update their infrastructures. | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | [[Category:Topic:Security]] | ||
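Review bot: The added sentence about delaying the TLS only fix gives no date for when it will be applied to the servers, so clients cannot tell how long they have to update their infrastructures. Suggest stating the planned date or where it will be announced; the preceding "All n One were aware ..." sentence is also missing its closing full stop.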
Latest revision as of 20:22, 9 November 2014
1 Overview
Poodle is the code name for a security hole, discovered by Google, in a secure protocol used by computers to chat to each other. It stands for "Padding Oracle On Downgraded Legacy Encryption".
There are some very clear explanations of the issue.
If you'd rather watch a video on it: http://www.youtube.com/watch?v=C8ks8WLoZto
If you'd prefer to read about it: http://www.ibtimes.co.uk/what-poodle-latest-online-security-threat-after-shellshock-heartbleed-1470300
The bug affects the SSL encryption technology and allows hackers to trick computers into sharing sensitive data which could give them access to your emails or social media accounts.
2 How can I check?
http://www.poodletest.com/
If you want to test a server:
http://www.poodlescan.com/
3 How do I fix the problem?
Again, this is a relatively easy fix. You can simply instruct your browser not to support the SSL 3.0 standard and set the lowest encryption standard it accepts to TLS 1.0, which is much more secure.
The problem, of course, is that you won't be able to visit websites which continue to use SSL 3.0, though this list is getting smaller and smaller.
Scott Helme has put together a comprehensive list of instructions on how to disable SSL 3.0 on Chrome, Firefox and Internet Explorer, as well as on servers running Apache, Nginx and IIS.
https://scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-kills-off-protocol/
4 Poodle and bxp software
All n One were aware of the issue on the 15th of October 2014, less than 24 hours after its discovery.
However, to facilitate some client infrastructures having to change, implementation of the TLS-only fix on the servers has been delayed to give clients a chance to update their infrastructures.