POODLE Attack Vector - Addressed
-
Wednesday, 15th October, 2014
-
00:34am
POODLE stands for Padding Oracle On Downgraded Legacy Encryption. It’s an exploit that takes advantage of inherent weaknesses in the SSLv3 protocol. TLS, a more modern form of securing websites and email, is the standard supported by most web browsers and servers today, however, it also allows encryption to 'fall back' to the insecure SSLv3 protocol in some situations.
More information is available from Google's security blog, located here:
http://googleonlinesecurity.blogspot.com.au/2014/10/this-poodle-bites-exploiting-ssl-30.htmlAs a result, Compudata has disabled support for SSLv3 in our Apache webservers and Exim mailservers. It is important to note that if you run a site which uses the HTTPS protocol, (ecommerce sites, for example),
Internet Explorer 6 browsers will no longer be supported, because they do not include support for the TLS protocol. If you have any questions about this security issue, please open a ticket with our support team.
