SSL v3.0 POODLE vulnerability and how to avoid it

A new SSL vulnerability is doing the rounds this morning, known as POODLE, or Padding Oracle On Downgraded Legacy Encryption.

POODLE is a newly disclosed vulnerability in the legacy SSL 3.0 protocol that could be exposing users of newer Transport Layer Security (TLS) encryption protocols to risk.

If exploited, the POODLE flaw could potentially enable an attacker to access and read encrypted communications.

Continue reading

Alt-N Technologies and MailStore products not effected by Heartbleed Open SSL security flaw

Alt-N Technologies (the developers of MDaemon and SecurityGateway) and MailStore have both confirmed the security flaw to OpenSSL, known as Heartbleed, does not impact any of their products.

However as IT professionals you may well be using other Open SSL internet facing services on your network so if you have any concerns, we recommend you take the time to run a quick scan by entering the site details using one of the following websites.

http://filippo.io/Heartbleed/

As a side note If you are interested in knowing even more detail about the SSL cipher versions your server supports this search is particularly detailed.

https://www.ssllabs.com/ssltest/index.html