Yeah, fine with me. Thanks On 9 December 2014 19:39:05 GMT+00:00, Andy Smith <andy@bitfolk.com> wrote: Hello, On Thu, Oct 16, 2014 at 11:34:04AM +0000, Andy Smith wrote: By now you have probably been made aware of a security deficiency in the design of SSL 3.0 which has been dubbed "POODLE". Here's some more info: http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploiting-ssl-30.html I am writing to you because, unless this script is flawed: https://gist.github.com/bitfolk/18e8f48ebe937e802967 then there are over 150 customer IPs at BitFolk that are still supporting SSLv3 on port 443. ShadowServer have started reporting on this now, and their latest report still shows 79 IPs in BitFolk's customer IP space that are vulnerable to SSLv3/Poodle. I still don't want to be opening tickets with people individually over this so unless there is an outrage against the idea then I'm thinking of just posting next Tuesday's report here. It only takes a few seconds to scan all of BitFolk's IP space anyway and there are multiple scripts published to do so (including the one linked above). Cheers, Andy -- Sent from my Android device with K-9 Mail. Please excuse my brevity. |