Categories
News

Check your website for Chrome distrust

Hey Friends, The upcoming releases of Google Chrome September 2018 time frame is said to no longer trust certain Symantec, Thawte, GeoTrust, and RapidSSL SSL/TLS certificates. Chrome users will see “Not secure” in the address bar when connecting to websites using a distrusted certificate. The folks over at Qualys wrote: “Google finalized their plans for […]

Categories
How-To Technical

Windows 2003, HTTPS Access Issues

One of the teams I support had run into some issues. Spending a lot of time investigating code and possible configuration problems. What they later suspected to be a policy issue, possibly a firewall, network issues turned out to be something entirely different. Lets start with the symptoms: Service request to a secured site stopped functioning, […]

Categories
How-To Software Technical

Secure Apache HTTPD from POODLE

If you are running Apache, as I do you may want to take steps to secure your system but making a slight adjustment to your configuration. By adding the simply line: SSLProtocol All -SSLv2 -SSLv3 The file location: /etc/apache2 The file name: apache2.conf Remember to always backup a configuration file before making changes. Once completed restart apache: […]

Categories
News Software Technical

Tech Short: Let’s test for POODLE or SSLv3

First thing that came to my mind when reading about POODLE was how can I test, followed by what to do to patch/fix this. So the first thing is to test for the vulnerability. And from all I have read so far is that you are vulnerable if your servers support SSLv3. I am confident that […]

Categories
News Software Technical

Security News – POODLE Security Vulnerability

On Tuesday, October 14, 2014, Google researchers announced the discovery of a vulnerability that affects systems with SSL 3.0 enabled. This vulnerability has been named POODLE (Padding Oracle On Downgraded Legacy Encryption). Details are available at https://www.openssl.org/~bodo/ssl-poodle.pdf. It has been strongly encouraged to discontinue the use of SSL 3.0. Info Sources http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html