SSL v3.0 POODLE vulnerability and how to avoid it

A new SSL vulnerability is doing the rounds this morning, known as POODLE, or Padding Oracle On Downgraded Legacy Encryption.

POODLE is a newly disclosed vulnerability in the legacy SSL 3.0 protocol that could be exposing users of newer Transport Layer Security (TLS) encryption protocols to risk.

If exploited, the POODLE flaw could potentially enable an attacker to access and read encrypted communications.


Alt-N Technologies and MailStore products not affected by Heartbleed OpenSSL security flaw

Alt-N Technologies (the developers of MDaemon and SecurityGateway) and MailStore have both confirmed that the security flaw in OpenSSL, known as Heartbleed, does not impact any of their products.

However, as IT professionals you may well be running other internet-facing services on your network that use OpenSSL, so if you have any concerns, we recommend you take the time to run a quick scan by entering the site details into the following website.

http://filippo.io/Heartbleed/

As a side note, if you are interested in knowing even more detail about the SSL cipher versions your server supports, this scan is particularly detailed.

https://www.ssllabs.com/ssltest/index.html

 

RIM release important security patch for BES – also affects MDaemon customers

Research In Motion™ have just released an important security patch for the BlackBerry Enterprise Server platforms that could potentially affect MDaemon Messaging Server.

This patch addresses a vulnerability in the BlackBerry Enterprise Server (BES) components that process images, so it only affects MDaemon installations that have the optional BES server installed.

If you’re an MDaemon customer running the BES component we recommend you follow the instructions in this knowledge base guide to be on the safe side.
