SECURITY ALERT: POODLE Vulnerability
|
HERE WE GO AGAIN!
So far this year we have seen many critical vulnerabilities like Heartbled and Shellshock - now brace yourself for the 3rd biggie of the year - "POODLE". Google made the announcement earlier this week about a vulnerability in SSL 3.0 and named it POODLE. According to some sources, this vulnerability may be more than 15 years old and allows hackers to perform "man in the middle" attacks. So, what should you do? The easiest fix would be to make sure that SSL 3.0 is disabled, if you can disable it! Many programs and browsers still use SSL 3.0 so you may have a problem if you have applications or services that need it. The other advice is to run a vulnerability assessment to see if you are vulnerable to this latest threat.
WHAT HAVE WE LEARNED THIS YEAR?
The POODLE vulnerability is just another wake-up call (like Heartbleed and Shellshock) that you need a VERY GOOD security policy, that includes REGULAR vulnerability assessments. Gone are the days of performing annual (or bi-annual) vulnerability assessments. That's not good enough anymore. Quarterly (or monthly) vulnerability assessments should be your policy, if they are not already!
Btech performs vulnerability assessments as part of its IT Security Services for Credit Unions. More information on the services available can be found HERE.
To learn more about POODLE, click here or contact Btech at 626.397.1045.
|
|
IMPORTANT FOR BTECH CUSTOMERS
|
If you are an existing Btech customer, and would like to schedule an "out of sequence" vulnerability assessment to analyze your environment for the POODLE vulnerability, please contact Lee Bird at [email protected].
|
