Security - Poodle

From All n One's bxp software Wixi

Revision as of 20:16, 22 October 2014 by Philip Lacey (talk | contribs) (Created page with "Poodle is the code name for a security hole discovered by Google, in a secure protocol used by computers to chat to each other. It stands for "Padding Oracle On Downgraded Le...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Poodle is the code name for a security hole discovered by Google, in a secure protocol used by computers to chat to each other. It stands for "Padding Oracle On Downgraded Legacy Encryption"


There are some very clear explanations on the issue. One of these can be found here:


http://www.ibtimes.co.uk/what-poodle-latest-online-security-threat-after-shellshock-heartbleed-1470300


The bug affects the SSL encryption technology and allows hackers to trick computers into sharing sensitive data which could give them access to your emails or social media accounts.


How do I fix the problem?


Again, this is a relatively easy fix. You can simply instruct your browser not to support the SSL 3.0 standard and set the lower encryption standard to TLS 1.0, which is much more secure.


The problem of course is that you won't be able to visit the websites which continue to use SSL 3.0, though this is list is getting smaller and smaller.


Scott Helme has put together a comprehensive list of instructions on how to disable SSL 3.0 on Chrome, Firefox and Internet Explorer, as well as on servers running Apache, Nginix and IIS.


https://scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-kills-off-protocol/


All n One were aware of the issue on the 15th of October 2014, less than 24 hours after its discovery, however to facilitate some client infrastructures to move, implementation of the TLS only fix on the servers has been delayed to give clients a chance to update their infrastructures.

Retrieved from ‘https://www.bxpsoftware.com/wixi/index.php?title=Security_-_Poodle&oldid=2018