Security - Poodle

From All n One's bxp software Wixi

Revision as of 15:53, 24 October 2014 by Philip Lacey (talk | contribs)

1 Overview

Poodle is the code name for a security hole discovered by Google in a secure protocol used by computers to chat to each other. It stands for "Padding Oracle On Downgraded Legacy Encryption".


There are some very clear explanations of the issue.


If you'd rather watch a video on it: http://www.youtube.com/watch?v=C8ks8WLoZto


If you'd prefer to read about it: http://www.ibtimes.co.uk/what-poodle-latest-online-security-threat-after-shellshock-heartbleed-1470300


The bug affects the SSL encryption technology and allows hackers to trick computers into sharing sensitive data which could give them access to your emails or social media accounts.


2 How can I check?

http://www.poodletest.com/


If you want to test a server:


http://www.poodlescan.com/


3 How do I fix the problem?

Again, this is a relatively easy fix. You can simply instruct your browser not to support the SSL 3.0 standard and set the lowest accepted encryption standard to TLS 1.0, which is much more secure.


The problem, of course, is that you won't be able to visit the websites which continue to use SSL 3.0, though this list is getting smaller and smaller.


Scott Helme has put together a comprehensive list of instructions on how to disable SSL 3.0 on Chrome, Firefox and Internet Explorer, as well as on servers running Apache, Nginx and IIS.


https://scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-kills-off-protocol/
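
An added example (not from this page or from Scott Helme's guide): a small Python audit that reads Apache `SSLProtocol` and Nginx `ssl_protocols` lines and reports whether each one still enables SSL 3.0. The function names and the sample configuration are constructed for illustration; it assumes Apache's `all` includes SSLv3 and treats unsigned Apache tokens as additive, the stricter reading for an audit.

```python
import re

# Assumption: Apache's "all" includes SSLv3, as on builds current in October 2014.
APACHE_ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}

def apache_protocols(args):
    """Evaluate SSLProtocol arguments left to right ("+x" adds, "-x" removes)."""
    enabled = set()
    for tok in args.lower().split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        group = APACHE_ALL if name == "all" else {name}
        # Unsigned tokens are treated as additive: the stricter reading for an audit.
        enabled = enabled - group if sign == "-" else enabled | group
    return enabled

def nginx_protocols(args):
    """ssl_protocols is a plain list of the enabled versions."""
    return set(args.lower().split())

DIRECTIVES = [
    (re.compile(r"^\s*SSLProtocol\s+(.+)$", re.I), apache_protocols),
    (re.compile(r"^\s*ssl_protocols\s+([^;]+);"), nginx_protocols),
]

def audit(config_text):
    """Return (line_number, directive, sslv3_enabled) for every protocol directive."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # ignore comments
        for pattern, evaluate in DIRECTIVES:
            match = pattern.match(line)
            if match:
                enabled = evaluate(match.group(1))
                findings.append((number, line, "sslv3" in enabled))
    return findings

# Constructed sample: a weak and a corrected line for each server.
SAMPLE = """\
# Apache
SSLProtocol all
SSLProtocol all -SSLv3
# Nginx
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
"""

if __name__ == "__main__":
    for number, line, weak in audit(SAMPLE):
        print(f"line {number}: {'SSLv3 ENABLED' if weak else 'ok'}: {line}")
```

A file with no protocol directive returns no findings; the server then uses its built-in default, which this check does not evaluate.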


4 Poodle and bxp software

All n One were aware of the issue on the 15th of October 2014, less than 24 hours after its discovery.


However, to facilitate some client infrastructures having to change, implementation of the TLS-only fix on the servers has been delayed to give clients a chance to update their infrastructures.

