world-security

Important Information On POODLE Security Vulnerability

XSolutions is aware of and currently investigating the latest publically known vulnerability in SSL, CVE-2014-3566 SSLv3 POODLE vulnerability.  Unlike, the recent Heartbleed vulnerability, the pre-requisites of this vulnerability are very sophisticated and as such the real world severity is far lower than Heartbleed vulnerability was.

The vulnerability is basically a flaw found in SSLv3 which is a legacy implementation of the secure protocol web browsers use to communicate with servers.  All modern browsers support it for backwards compatibility and Google estimates that less than 1% of the internet will be affected by disabling the SSLv3 protocol on servers.

This is a server configuration issue and XSolutions is in progress of disabling SSLv3 on all of our managed servers and websites.  As an added precaution an update will be pushed out to all of our managed workstations to disable the SSLv3 protocol. 

Chrome and Firefox have already announced they will be removing the SSLv3 implementation from their next major browser updates.  Microsoft will likely patch Internet Explorer soon.  Browser updates will be pushed out immediately to all managed workstations and servers as they are made available.

Further information can be found at:

http://www.forbes.com/sites/jameslyne/2014/10/15/poodle-security-vulnerability-breaks-sslv3-secure-browsing/

https://technet.microsoft.com/en-us/library/security/3009008.aspx

http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566

Check your certificate installation here: https://ssltools.geotrust.com/checker/views/certCheck.jsp

Ask us about our FREE Technology Assessment for qualified New York and New Jersey businesses and find out the true state of your network. Call (845) 362-9675 or email us for more information.

XSolutions is a Managed Services Provider (MSP) and provides 24/7/365 remote monitoring, scheduled workstation and server maintenance, Help Desk Services, Cloud & Hosted Services, Backup/Disaster Recovery, and Software Development. Call us at (845) 362-9675 and see how we can help your company.