Good evening, 54.196.58.81.
Today is friday the 26th of May 2017. The time is 18:48:15 and it's week number 21.

(2014-10-15) No dogs allowed!

Yesterday news broke about a newly discovered serious vulnerability in the SSL 3.0 protocol. The vulnerability even got a cute nickname: Poodle. That's an abbreviation of "Padding Oracle On Downgraded Legacy Encryption".

So how does this affect The ERICADE Network? As for the web services and the ActiveSync support: don't worry. SSL 2.0 and SSL 3.0 have been disabled for almost a year now. Unless you use the newer TLS-protocol (which almost modern browsers do!) you cannot even connect to secure.ericade.net.

The mail/im services such as SMTP(s), POP3s, IMAPs and XMPP actually DO support SSL 3.0. The best way to make sure you're protected against attacks using this vulnerability is to update your mail and browsing software to their latest versions available as soon as they come out with mitigation of Poodle-attacks.

I'm researching the possibility to turn SSL 3.0 support off in the mail server. As soon as it's possible SSL 3.0 will be disabled for the SMTP, POP3, IMAPs and XMPP protocols.

Read more here:
http://www.theregister.co.uk/2014/10/14/google_drops_ssl_30_poodle_vulnerability/

Posted: 2014-10-15 by Erik Zalitis
Changed: 2014-10-15 by Erik Zalitis

News archive