Re: [bitfolk] SSL POODLE (CVE-2014-3566) vulnerabilities amo…

Top Page

Reply to this message
Author: Simon
Date:  
To: users
Subject: Re: [bitfolk] SSL POODLE (CVE-2014-3566) vulnerabilities amongstthe customer base
Yeah, fine with me.

Thanks

On 9 December 2014 19:39:05 GMT+00:00, Andy Smith <andy@???> wrote:
>Hello,
>
>On Thu, Oct 16, 2014 at 11:34:04AM +0000, Andy Smith wrote:
>> By now you have probably been made aware of a security deficiency in
>> the design of SSL 3.0 which has been dubbed "POODLE". Here's some
>> more info:
>>
>>
>http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploiting-ssl-30.html
>>
>> I am writing to you because, unless this script is flawed:
>>
>>     https://gist.github.com/bitfolk/18e8f48ebe937e802967

>>
>> then there are over 150 customer IPs at BitFolk that are still
>> supporting SSLv3 on port 443.
>
>ShadowServer have started reporting on this now, and their latest
>report still shows 79 IPs in BitFolk's customer IP space that are
>vulnerable to SSLv3/Poodle.
>
>I still don't want to be opening tickets with people individually
>over this so unless there is an outrage against the idea then I'm
>thinking of just posting next Tuesday's report here. It only takes a
>few seconds to scan all of BitFolk's IP space anyway and there are
>multiple scripts published to do so (including the one linked
>above).
>
>Cheers,
>Andy
>
>--
>http://bitfolk.com/ -- No-nonsense VPS hosting
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>announce mailing list
>announce@???
>https://lists.bitfolk.com/mailman/listinfo/announce


--
Sent from my Android device with K-9 Mail. Please excuse my brevity.