Thank Goodness for POODLE

Thank Goodness for POODLE

The latest cyberattack to hit the news is POODLE (Padding Oracle on Downgraded Legacy Encryption). While POODLE wins points for both the cutest title and including Oracle in its name, I’m cheering it on for a different reason.

POODLE compromises the obsolete protocol SSL 3.0. That alone wouldn’t be a big deal, but it’s sneakier than that, since it tricks browsers and other applications that use more recent, more secure transport-layer security protocols to downgrade to SSL 3.0, thus becoming vulnerable to attack.

The best way to protect yourself from POODLE is to disable SSL 3.0 across your entire IT environment – servers, browsers, the lot.

And that’s why I’m cheering. You see, the bane of many an IT manager’s and web developer’s existence is Internet Explorer Version 6. This browser version has been obsolete for years, but numerous enterprises still insist on remaining standardized on it. It doesn’t support HTML 5, which is one of the many reasons web developers hate it. But that deficiency alone hasn’t forced shops to switch browsers.

The good news, however, is that IE 6 doesn’t support any transport-layer security protocol newer than SSL 3.0. So not only can POODLE drive a big truck through IE 6’s security defenses, but now every IT shop must disable all SSL 3.0 support to protect the rest of its applications. And that means finally getting rid of IE 6 once and for all.

Hallelujah!

Share the Post:
Heading photo, Metadata.

What is Metadata?

June 1, 2023

What is metadata? Well, It’s an odd concept to wrap your head around. Metadata is essentially the secondary layer of data that tracks details about the “regular” data. The regular

XDR solutions

The Benefits of Using XDR Solutions

May 24, 2023

Cybercriminals constantly adapt their strategies, developing newer, more powerful, and intelligent ways to attack your network. Since security professionals must innovate as well, more conventional endpoint detection solutions have evolved

AI is revolutionizing fraud detection

How AI is Revolutionizing Fraud Detection

May 23, 2023

Artificial intelligence – commonly known as AI – means a form of technology with multiple uses. As a result, it has become extremely valuable to a number of businesses across

AI innovation

Companies Leading AI Innovation in 2023

May 22, 2023

Artificial intelligence (AI) has been transforming industries and revolutionizing business operations. AI’s potential to enhance efficiency and productivity has become crucial to many businesses. As we move into 2023, several

data fivetran pricing

Fivetran Pricing Explained

May 17, 2023

One of the biggest trends of the 21st century is the massive surge in analytics. Analytics is the process of utilizing data to drive future decision-making. With so much of

kubernetes logging

Kubernetes Logging: What You Need to Know

May 16, 2023

Kubernetes from Google is one of the most popular open-source and free container management solutions made to make managing and deploying applications easier. It has a solid architecture that makes

Show More