Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
SSL is no Longer Safe to Use
October 16, 2014
There have been several reports discussing another vulnerability in SSL (Secure Socket Layer). Specifically, the current attack is being called POODLE for "Padding Oracle On Downgraded Legacy Encryption." The flaw was documented by Google employees Bodo Möller, Thai Duong, and Krzysztof Kotowicz. Bottom line is that SSL version 3.0 is broken and there doesn’t appear to be any hope of a fix.
The recommendation is to disable SSLv3 from any web server and certainly from your browsers. Firefox 34, which will be released November 25th, will disable SSLv3 by default. There is an add-on for Firefox that you should install now until version 34 is released. The instructions for disabling SSL in other browsers can be found here. So navigate to the page and disable SSLv3 for any browser installed on your computer.
E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
Listen to the Podcast
