According to Google researchers, a new online security bug has been detected named POODLE. POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption, attacks a specific vulnerability in SSL 3.0. This bug, which also goes by ‘Poodlebleed’ is extremely similar to the Heartbleed bug which was brought to light earlier this year. The POODLE exploit allows hackers to intercept and replace data being sent or received during a “secure” HTTPS session. While SSL 3.0 has mainly been replaced by its successors such as TLS 1.0, many TLS implementations remain backwards-compatible with SSL 3.0 to interoperate with legacy systems in order to create a smooth user experience. Google has put out a report outlining their findings and gives sysadmins a head start in detecting and containing the POODLE bug.
For more information on how to control the POODLE bug, download Google’s PDF about their findings or give our Information Security practice a call at 978-538-9055!
For the second year in a row, GraVoc has been recognized on the CRN® MSP 500 list in the Pioneer 250 category!
In this blog post, we provide an overview of the SAQ types for PCI DSS v4.0 and how to select a PCI SAQ that’s right for your business.
GraVoc won a Silver Medal for Cybersecurity and a Bronze Medal for Web Design in Banker & Tradesman’s Best of 2023 readers’ choice awards!