Categories
How-To Software Technical

Please disable POODLE in IIS, here is how

Here we are again with POODLE. I’ve touched on it here: http://jermsmit.com/security-news-poodle-security-vulnerability/ Then secured up Apache here: http://jermsmit.com/secure-apache-httpd-from-poodle/ And even did some testing here: http://jermsmit.com/tech-short-lets-test-for-poodle-or-sslv3/ This time I am adding the steps used to secure some IIS servers. Let’s start. *Note*: These steps apply to Server 2003, 2008, 2012. Requirements: Administrator Rights; Registry Changes; Reboot of Server. Steps: […]

Categories
News

Google Removes SSLv3 Fallback Support From Chrome

Google has released Chrome 39, fixing 42 security vulnerabilities and removing support for the fallback to SSLv3. Among the fixes in Google Chrome version 39 are a number of patches for high-risk vulnerabilities, including several buffer overflows, use-after-frees and integer overflows. Highlight fixes below: Please see the Chromium security page for more information. [$500][389734] High […]

Categories
How-To Software Technical

Secure Apache HTTPD from POODLE

If you are running Apache, as I do, you may want to take steps to secure your system by making a slight adjustment to your configuration: add the simple line SSLProtocol All -SSLv2 -SSLv3. The file location: /etc/apache2. The file name: apache2.conf. Remember to always back up a configuration file before making changes. Once completed, restart Apache: […]

Categories
News Software Technical

Tech Short: Let’s test for POODLE or SSLv3

The first thing that came to my mind when reading about POODLE was how I can test for it, followed by what to do to patch/fix it. So the first thing is to test for the vulnerability. From all I have read so far, you are vulnerable if your servers support SSLv3. I am confident that […]

Categories
News Software Technical

Security News – POODLE Security Vulnerability

On Tuesday, October 14, 2014, Google researchers announced the discovery of a vulnerability that affects systems with SSL 3.0 enabled. This vulnerability has been named POODLE (Padding Oracle On Downgraded Legacy Encryption). Details are available at https://www.openssl.org/~bodo/ssl-poodle.pdf. Discontinuing the use of SSL 3.0 is strongly encouraged. Info sources: http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html