SE Alert: “POODLE” SSLv3 Vulnerability

On Tuesday October 14, 2014 a vulnerability in the SSLv3 encryption protocol, commonly referred to as POODLE (Padding Oracle On Downgraded Legacy Encryption), was discovered, see NIST CVE-2014-3566.  What this means is that there is the possibility of a cyber criminal getting access to data you are transmitting between your web browser and the website or service you are connecting to.  This affects both Windows and Linux environments.  However both NIST and Microsoft state there are mitigating factors that lessen the risk of this attack.  While there are steps you can take to remove the vulnerability in your browsers and servers this will likely negatively impact users and at this time the risk does not warrant this level of intervention.

We will continue to monitor the threat along with manufactures recommendations and provide updates as changes warrant.  As always, should we discover a direct and impending risk to one of our clients, we will contact them directly.