Here we are again with POODLE. I've touched on it here: http://jermsmit.com/security-news-poodle-security-vulnerability/ Then secured up Apache here: http://jermsmit.com/secure-apache-httpd-from-poodle/ And even did some testing here: http://jermsmit.com/tech-short-lets-test-for-poodle-or-sslv3/ This time I am adding the steps used to secure up some IIS servers. Let's start. *Note*: These steps apply to Server 2003, 2008, 2012. Requirements: Administrator Rights, Registry Changes, Reboot of Server. Steps: […]
Tag: POODLE
Google has released Chrome 39, fixing 42 security vulnerabilities and removing support for the fallback to SSLv3. Among the fixes in Google Chrome version 39 are a number of patches for high-risk vulnerabilities, including several buffer overflows, use-after-frees and integer overflows. Highlight fixes below: Please see the Chromium security page for more information. [$500][389734] High […]
If you are running Apache, as I do, you may want to take steps to secure your system by making a slight adjustment to your configuration: add the simple line SSLProtocol All -SSLv2 -SSLv3. The file location: /etc/apache2. The file name: apache2.conf. Remember to always back up a configuration file before making changes. Once completed, restart Apache: […]
The first thing that came to my mind when reading about POODLE was how I can test for it, followed by what to do to patch or fix it. So the first thing is to test for the vulnerability. From all I have read so far, you are vulnerable if your servers support SSLv3. I am confident that […]
On Tuesday, October 14, 2014, Google researchers announced the discovery of a vulnerability that affects systems with SSL 3.0 enabled. This vulnerability has been named POODLE (Padding Oracle On Downgraded Legacy Encryption). Details are available at https://www.openssl.org/~bodo/ssl-poodle.pdf. Discontinuing the use of SSL 3.0 is strongly encouraged. Info Sources: http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html