Microsoft releases anti-POODLE Fix It

  • 29 October 2014
Summary: By default, Internet Explorer on Windows client systems supports SSL version 3.0, the version recently found vulnerable to attack. Now there's another way to turn it off.
 
By Larry Seltzer for Zero Day | October 29, 2014
 


Image: Richard Melick at Webroot.
 
Microsoft has released a Fix It to disable the feature which was the subject of the POODLE attack. The Fix It, a program which implements changes in the registry, makes the process simpler than the alternatives.
POODLE is the name given to a vulnerability in SSL version 3.0 found earlier this month by a Google researcher. SSL was supplanted by TLS and the current version is 1.2, but systems may fall back to older versions if the server does not support the newer ones.
 
POODLE is a design flaw in SSL/TLS and so there is no patch to fix the bug. Instead, vendors are disabling support for SSL 3.0, a protocol which is old and deprecated anyway. The number of server systems which require SSL 3.0 is said to be small, but users of those servers will start having problems connecting as client systems begin to have their SSL 3.0 support removed.
 

1 reply

 
Today, we revised Security Advisory 3009008 to provide an easy, one-click Fix it for customers to disable SSL 3.0 in all supported versions of Internet Explorer (IE).
 Security Advisory 3009008 revised - MSRC - Site Home - TechNet Blogs
