Sand Poodle: the latest threats

If you follow technology news or even the BBC, you will have spotted that yet more security vulnerabilities have been announced. And that they come complete with branding.


So far this year we've had Heartbleed and Shellshock. Now we have Sandworm and Poodle.



SSL 3.0 vulnerability, aka “Poodle”


Poodle is a flaw in the Secure Sockets Layer version 3 (SSL 3) which sends and receives encrypted traffic over the internet. SSL 3 is a good 15 years old and was deprecated long ago. In reality current browsers and devices don't need SSL 3; the closest thing we've found is Internet Explorer 6.0 and I'm not sure anyone could argue that it's a current browser.


The likelihood of someone exploiting Poodle on our critical systems is low and we’ve taken steps to reduce it further still by disabling SSL 3.



Sandworm Windows vulnerability

Sandworm is just one of three zero-day vulnerabilities on Windows desktops and servers. It’s another that might sound worrying, but normal good practice will keep you safe.


  • If you're using the University Desktop there's nothing to worry about. We take care of your security updates for you. Just make sure you let them install when you turn your computer off.
  • If you are using a standalone Windows computer at work or at home, make sure you download and install any available updates. If possible it's always a good idea to have automatic updates turned on to help with this.
  • Any Windows servers managed by us will be patched as part of our normal processes.

As always, be really cautious when visiting new websites and opening emails. If you discover a webpage or email that you have any doubts about, then don't hesitate to get in touch with us.
Previous
Next Post »