Are Your Systems Safe?

 Jul 31, 2017

It has been quite a while since my original blog was published (Poodle or Terrier - Are Your Systems Safe back in June 2015) but it is sad to see there are still people using outdated browsers and applications, and still being caught by the POODLE man-in-the-middle-attack. It is particularly distressing as the “fix” is relatively simple – KEEP YOUR PC’s UP-TO-DATE with the latest patches and updates, or at the very least change the settings on your browser(s) so that it/they are not able to use SSLv3, and stop accessing applications that still use SSLv3. As mentioned in my previous article, if you are using the latest and updated browsers (such as Edge, Chrome, Safari and Firefox etc.), they are now all configured not to use SSLv3 anymore by default, but it is always wise to double-check, and please make sure that any applications you or your organization are using are configured NOT to use SSL 3.0 (and preferably not TLS 1.0 and 1.1 nowadays as well!)

If you would like more information on the training we offer around system security visit our website.

In addition, it has been recently pointed out that at least one of the links I gave above to re-configure the browsers, particularly for the Ubuntu and Mac servers etc. are out of date and broken, so here are a couple of updated links:

  • A website called disablessl3.com/ which gives a rundown on why we need to disable the SSLv3 protocol, and instructions on how to configure all the current browsers, as well as a number of web server and mail server applications such as IIS, Apache, Nginx, Lighttpd, Sendmail and Postfix etc., and even Java, OpenVPN, Puppet and other application configuration changes.

  • Stephen Cooper has written an excellent article entitled The POODLE Exploit and How To Defeat It for the BestVPN website. Stephen’s blog goes into more detail on the SSLv3 vulnerabilities, and also includes step by step instructions on how to configure the current range of browsers, including screenshots.

 

How do your Excel skills stack up?   

Test Now  

About the Author:

Gordon Cowser  

With over 22 years real world and training experience, Gordon is our most senior IT Infrastructure trainer. His expertise includes but is not limited to; Microsoft Server and Client OS, Messaging, Collaboration, Active Directory and Network Infrastructure. Gordon also specialises in SharePoint technologies training in both technical and end user aspects. With his extensive skill-set he brings a thorough mentoring capability to the classroom where he can advise on technical issues and challenges often beyond the scope of the course curriculum. A very approachable and experienced training professional, he has the ability to establish credibility fast with students at all levels.

Read full bio
top
Back to top