Thursday, 16 October 2014
A vulnerability in SSL version 3.0 (SSL3.0), CVE-2014-3566, known as "POODLE" was announced on 14 October 2014. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker.
SSL 3.0 is nearly 18 years old, but support for it remains widespread. Most importantly, nearly all browsers support SSL 3.0 and browsers will retry failed connections with older protocol versions, including SSL 3.0 to work around bugs in HTTPS servers. A network attacker can cause connection failures and because of this, they can trigger the use of SSL 3.0 and then exploit this issue.
Reference material can be found here:
Generic advisory is that SSL 3.0 should be disabled in all affected applications, in favor of the newer encryption mechanism TLS (Transport Layer Security).
source text: www.ssh.com
Many companies have little to no email retention policies in place. The idea here is to ensure that if a business related email is required...
Off topic.......configuring the zmodo ZP-IBi-13W camera to work with Blue Iris Software. Many people have had issues getting these cameras...
So it looks like the Government will finally get the law passed requiring websites to retain all user browsing activity logs for a minimum o...
On April 12th, 2016, a crucial security bug in Windows and Samba will be disclosed. It has been named Badlock and like Heartbleed it has...