The first thing that came to my mind when reading about POODLE was how I can test for it, followed by what to do to patch/fix this.

So the first thing is to test for the vulnerability. From all I have read so far, you are vulnerable if your servers support SSLv3. I am confident that many of the ones I manage do, so let's test this out.

The first thing I did was log into my Greyhat Test Box, thank you Kali Linux. Note: this could be any Linux distribution; I just wanted to plug those guys and gals.

At the command line we will be using the OpenSSL tools to test by typing the following:

If this connects, you have SSLv3 enabled; if it fails, then you will see:
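
One way to run and interpret this check, as an added example rather than the post's own command. It goes a step further than connect/fail by separating "the server refused SSLv3" from "the local OpenSSL build cannot offer SSLv3", which would otherwise look like a pass. The function names `classify_ssl3` and `probe_ssl3` are hypothetical, and the matched strings assume typical `openssl s_client` output wording:

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical,
# and the matched strings assume typical `openssl s_client` output wording,
# which varies between OpenSSL versions.

# Read s_client output on stdin and print one verdict:
#   enabled    - an SSLv3 handshake completed and a cipher was negotiated
#   disabled   - the server refused the SSLv3 handshake
#   untestable - the local openssl build cannot speak SSLv3 at all
#   unknown    - anything else (for example, the TCP connection failed)
classify_ssl3() {
    out=$(cat)
    case "$out" in
        *"unknown option"*)
            # Client-side limitation: says nothing about the server.
            echo untestable ;;
        *"Cipher is (NONE)"*|*"handshake failure"*)
            # Checked before the Protocol line, because a failed handshake
            # can still print an SSL-Session block naming SSLv3.
            echo disabled ;;
        *"Protocol  : SSLv3"*)
            echo enabled ;;
        *)
            echo unknown ;;
    esac
}

# Offer only SSLv3 to host $1 on port $2 (default 443) and classify the result.
probe_ssl3() {
    openssl s_client -connect "$1:${2:-443}" -ssl3 </dev/null 2>&1 | classify_ssl3
}

# Run as: sh check_ssl3.sh <host> [port]
if [ -n "${1:-}" ]; then
    probe_ssl3 "$@"
fi
```

A verdict of `untestable` means the test has to be repeated from a machine whose OpenSSL build still includes SSLv3 before the server can be called clean.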

So if you run a server, check out the following links:





And for the end users: disable SSL 3.0 in your browser, avoid MITM attacks by using a VPN connection, and always, always use HTTPS.