Ramblings of an old Doc

 

OK…this is a bit technical, so brace yourselves. Anyway, recently, a SSL 3.0 vulnerability was discovered. This vulnerability allows the injection of malicious code into your computer and web hosting servers and allow remote code execution. So what’s SSL? It means Secure Sockets Layer (and there are 3). It has been superceded by TLS (Transport Layer Security).

The Poodle (Padding Oracle On Downgraded Legacy Encryption) attack allows a web criminal to intercept data that is being sent over the SSL3 connection. Not only can he or she intercept the data, the web criminal can inject their own data into the connection, making the website believe that it came from the browser. Likewise, it makes the browser believe that the malicious data comes from the web server.

You can test your browser vulnerability at the following site https://www.poodletest.com/

There’s a good guide here to how to fix various browsers: http://www.tomsguide.com/us/poodle-fix-how-to,news-19775.html

MS has released a Fixit tool for those who use IE:

Download links:

So…if you haven’t already done so, time to act!

Sources:

http://news.thewindowsclub.com/fix-it-disable-ssl-3-0-vulnerability-ie-69815/

http://www.thewindowsclub.com/ssl-3-0-secure-browser-poodle-vulnerability-attack

http://www.tomsguide.com/us/poodle-fix-how-to,news-19775.html


Comments (Page 2)
2 Pages1 2 
on Nov 04, 2014

Double-checked the spelling & tried copy/paste - no love.  Am Admin.  It's Windows, after all. 

 

Not daily driver, anyway.  PM's current version is Not Vulnerable by default.

on Nov 05, 2014

Thanks Doc. My IE is safe again. 

2 Pages1 2