As you may be aware, an Internet-wide security issue, commonly referred to as POODLE, has been identified in the last two weeks and affects anyone using older Web browsers that use SSL version 3 (SSLv3), specifically Internet Explorer (IE) 6. The POODLE attack (which stands for "Padding Oracle On Downgraded Legacy Encryption") is a man-in-the-middle exploit which takes advantage of Internet and security software clients' fallback to SSL 3.0. If attackers successfully exploit this vulnerability, on average, they only need to make 256 SSL 3.0 requests to reveal one byte of encrypted messages. This issue creates a vulnerability that could allow hackers to gain access to any connection using this outdated Web browser.

Emagine has disabled SSL version 3 on all of its servers and is NOT vulnerable to POODLE.

If you want full details on what POODLE is and how it works, you can download the PDF write up that Google did here.

If you have any questions regarding POODLE, please contact us at 712-262-6674.

comments powered by Disqus