SSL 3.0 Protocol Vulnerability and POODLE Attack (CVE-2014-3566)

All Ecological Hosting web hosting servers have been updated to disallow SSLv3 to help mitigate the SSLv3/POODLE vulnerability.

US-CERT Report:
https://www.us-cert.gov/ncas/alerts/TA14-290A

“The POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios.”

More from BBC News:
http://www.bbc.co.uk/news/technology-29627887

“The bug could hit people using old browsers and servers that still use the protocol.

The bug is not easy to exploit and would need an attacker to control the internet connection between the browser and the server, a so-called man-in-the-middle attack. This could be achieved for example if he or she were in range of an unencrypted wi-fi access point.”

This entry was posted in News, Security News and tagged , , , , , . Bookmark the permalink.

Comments are closed.