The IT Nerd

If Heartbleed and Shellshock aren’t enough, there’s a new exploit for you to worry about. Dubbed Poodle, this attack takes advantage of the fact that clients, as in web browsers and mobile phone apps for example, will downgrade to the older, less secure, protocols if it is unable to establish a secure connection. The downgrade can be triggered by network glitches as well as active attackers. If you want a more nerdy response, you can read a very detailed document on the subject [Warning: PDF].

The question is, how to you protect yourself? The answer is to use a modern, standards compliant Web browser and disable SSL 3.0.

• IE: Un-checking the SSL 3.0 box under the Advanced tabs in the Internet Options menu will do the job.
• Firefox: Go to about.config on the browser, and change the value forsecurity.tls.version.min to 1. If that’s too technical you can also download a Mozilla add-on to disable SSL 3.0.
• Chrome: Here are directions for Windows and Mac OS X users of Chrome.

If you are running Safari on iOS or OS X, you’ll have to wait for Apple to put out an update. That’s disappointing.

Now to see if you’re actually vulnerable, here’s a couple of links:

• Checking client-side vulnerability: https://www.poodletest.com/
• Checking server-side vulnerability: http://www.poodlebleed.com

This entry was posted on October 16, 2014 at 3:29 pm and is filed under Tips with tags Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.