Educause Security Discussion mailing list archives
REN-ISAC ALERT: Muzzling POODLE (While Cleaning Up Other Related Vulnerabilities, Too)
From: Doug Pearson <dodpears () REN-ISAC NET>
Date: Thu, 23 Oct 2014 09:55:55 -0400
REN-ISAC SECURITY ALERT
Muzzling POODLE (While Cleaning Up Other Related Vulnerabilities, Too)
October 22, 2014

To: IT Executives and Security Staff

The full Alert is attached, and located at:
http://www.ren-isac.net/alerts/REN-ISAC_Alert_POODLE_and_Crypto_20141022.pdf

EXECUTIVE SUMMARY of the Alert:

There have been many recent security advisories involving SSL/TLS encryption-related vulnerabilities, including most notably BEAST, the highly publicized Heartbleed bug, the BERserk vulnerability, and most recently, POODLE.

Many sites have taken specific actions to address one or more of these high profile vulnerabilities, and we commend you for doing so -- your efforts help to protect your systems, the information they store and process, and your users.

However, if you only take steps to address those particular high profile issues, your systems that rely on SSL/TLS are likely still insecure due to other equally serious (but less well-publicized) SSL/TLS-related issues.

This alert will help you to assess the status of your servers and to understand the steps you should be undertaking to fix the POODLE vulnerability in particular. Also, it will suggest what you should be doing in general to improve the quality of the SSL/TLS cryptography you're depending on.

Specifically we recommend that all sites should (1) identify their servers that use SSL/TLS, (2) assess the status of each of those servers, (3) update server cryptographic libraries, and (4) harden server crypto configurations.

Technical recommendations concerning those steps are provided in the full Alert.

Sincerely,

Your REN-ISAC Team
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630

Attachment:
REN-ISAC_Alert_POODLE_and_Crypto_20141022.pdf