{"id":761,"date":"2014-10-28T15:24:11","date_gmt":"2014-10-28T15:24:11","guid":{"rendered":"http:\/\/paulgurney.com\/whats_new_blog\/?p=761"},"modified":"2014-10-28T16:36:06","modified_gmt":"2014-10-28T16:36:06","slug":"poodle-vulnerability-what-to-do","status":"publish","type":"post","link":"https:\/\/paulgurney.com\/whats_new_blog\/2014\/10\/poodle-vulnerability-what-to-do\/","title":{"rendered":"Poodle vulnerability\u2014what to do"},"content":{"rendered":"

October 2014 brought with it a new cyber-attack method to the Internet:\u00a0POODLE<\/strong>, the ‘Padding Oracle On Downgraded Legacy Encryption’ attack. The attack is against the SSLv3 protocol, which powers the HTTPS secure browsing system we’re all used to.<\/p>\n

What can you do?<\/strong><\/p>\n

1. Check your browser<\/strong>:<\/p>\n

https:\/\/dev.ssllabs.com\/ssltest\/viewMyClient.html<\/a><\/p>\n

Then disable SSLv3 support <\/strong>in your browser(s):<\/p>\n

https:\/\/scotthelme.co.uk\/sslv3-goes-to-the-dogs-poodle-kills-off-protocol\/<\/a><\/p>\n

Firefox<\/strong> was the easiest to change. Safari has no known fix yet, and Mac Chrome requires a command line tweak to modify.\u00a0 Even the Chrome Canary build is still vulnerable.<\/p>\n

 <\/p>\n

2. Check to see if your web server<\/strong> is vulnerable:<\/p>\n

https:\/\/www.tinfoilsecurity.com\/poodle<\/a><\/p>\n

Then ask your hosting company<\/strong> to disable SSLv3 on the server:<\/p>\n

https:\/\/scotthelme.co.uk\/sslv3-goes-to-the-dogs-poodle-kills-off-protocol\/<\/a><\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

October 2014 brought with it a new cyber-attack method to the Internet:\u00a0POODLE, the ‘Padding Oracle On Downgraded Legacy Encryption’ attack. The attack is against the SSLv3 protocol, which powers the HTTPS secure browsing system we’re all used to. What can you do? 1. Check your browser: https:\/\/dev.ssllabs.com\/ssltest\/viewMyClient.html Then disable SSLv3 support in your browser(s): https:\/\/scotthelme.co.uk\/sslv3-goes-to-the-dogs-poodle-kills-off-protocol\/ … <\/p>\n

Continue reading “Poodle vulnerability\u2014what to do”<\/span><\/a><\/p>\n","protected":false},"author":55,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11,22,9],"tags":[],"class_list":["post-761","post","type-post","status-publish","format-standard","hentry","category-latest-news","category-security","category-webhosting"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p415hC-ch","_links":{"self":[{"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/posts\/761","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/users\/55"}],"replies":[{"embeddable":true,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/comments?post=761"}],"version-history":[{"count":5,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/posts\/761\/revisions"}],"predecessor-version":[{"id":768,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/posts\/761\/revisions\/768"}],"wp:attachment":[{"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/media?parent=761"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/categories?post=761"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/tags?post=761"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}