Yesterday, a new vulnerability named POODLE (Padding Oracle On Downgraded Legacy Encryption) was discovered by Google security researchers Bodo Möller, Thai Duong, and Krzysztof Kotowicz. Instead of targeting the server directly, as Heartbleed or Shellshock did, this exploit targets the clients that are visiting the sites.
Google estimates this change will affect less than 1% of the internet, as the SSL 3.0 protocol is almost 15 years old but has remained in place to support users running older browsers.
To address this issue, Webdomain adjusted SSL on our shared and reseller servers by disabling SSL 3.0, as well as ensuring only secure ciphers are allowed. Please be aware this will cause some compatibility issues for older browsers, such as Internet Explorer 6.
Our servers now get an A rating from SSL Labs.
In addition, to improve everyone's security, we invite all our customers to disable SSLv3 support in their browser settings.
Wednesday, October 15, 2014