Hey Friends, The upcoming releases of Google Chrome September 2018 time frame is said to no longer trust certain Symantec, Thawte, GeoTrust, and RapidSSL SSL/TLS certificates. Chrome users will see “Not secure” in the address bar when connecting to websites using a distrusted certificate. The folks over at Qualys wrote: “Google finalized their plans for […]
One of the teams I support had run into some issues. Spending a lot of time investigating code and possible configuration problems. What they later suspected to be a policy issue, possibly a firewall, network issues turned out to be something entirely different. Lets start with the symptoms: Service request to a secured site stopped functioning, […]
If you are running Apache, as I do you may want to take steps to secure your system but making a slight adjustment to your configuration. By adding the simply line: SSLProtocol All -SSLv2 -SSLv3 The file location: /etc/apache2 The file name: apache2.conf Remember to always backup a configuration file before making changes. Once completed restart apache: […]
First thing that came to my mind when reading about POODLE was how can I test, followed by what to do to patch/fix this. So the first thing is to test for the vulnerability. And from all I have read so far is that you are vulnerable if your servers support SSLv3. I am confident that […]
On Tuesday, October 14, 2014, Google researchers announced the discovery of a vulnerability that affects systems with SSL 3.0 enabled. This vulnerability has been named POODLE (Padding Oracle On Downgraded Legacy Encryption). Details are available at https://www.openssl.org/~bodo/ssl-poodle.pdf. It has been strongly encouraged to discontinue the use of SSL 3.0. Info Sources http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html