Posts By: Mandalyn Ringersma

PCI DSS and SSL v3

With widespread and damaging SSL/TLS vulnerabilities such as POODLE and FREAK, SSL and early TLS versions are no longer considered strong cryptography, and any web site that still uses them is insecure. According to the new rules in PCI DSS v3.1, companies have until June 30, 2016 to update to a more recent… Read more »

GHOST – The latest Linux Vulnerability

During an internal code audit, Qualys found a buffer overflow in the GNU C Library (glibc). Qualys worked closely with Linux distribution vendors to create patches for all affected distributions, and vendors made them available on Wednesday, January 28, 2015. GHOST is a buffer overflow that can be triggered both locally and remotely… Read more »

Protecting Against the POODLE SSLv3 Vulnerability

On October 14, 2014, POODLE (Padding Oracle On Downgraded Legacy Encryption), a vulnerability in version 3 of the SSL protocol, was disclosed. It allows a man-in-the-middle attacker to recover the plaintext of data encrypted under SSLv3. Even though SSLv3 is an older version and is… Read more »
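The POODLE post above recommends disabling SSLv3, and the PCI DSS v3.1 post goes further: SSL of any version and "early TLS" (TLS 1.0) no longer count as strong cryptography. The following is an added example for this listing, not code from either post or from ZZ Servers. It resolves an Apache mod_ssl `SSLProtocol` directive the way mod_ssl does (a bare keyword replaces the set, `+`/`-` add or remove, `all` expands to every protocol the build supports) and flags what is still negotiable. It assumes Apache 2.4 with an OpenSSL 1.0.1-era build, so `all` is SSLv3 through TLSv1.2; the sample virtual hosts are constructed.

```python
"""Resolve an Apache mod_ssl SSLProtocol directive and flag the protocols
that POODLE (SSLv3) and PCI DSS v3.1 ("SSL and early TLS") rule out.

Added example, not code from the original posts. Assumes Apache 2.4
SSLProtocol parsing: tokens are protocol keywords, optionally prefixed
with '+' (add) or '-' (remove); an unprefixed keyword replaces whatever
was set so far; 'all' expands to every protocol the build supports
(assumed here: SSLv3..TLSv1.2, i.e. OpenSSL 1.0.1 era, before TLS 1.3).
Keyword matching is case-insensitive, as in mod_ssl.
"""
import re

ALL_PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
_CANONICAL = {p.lower(): p for p in ALL_PROTOCOLS}

# POODLE needs SSLv3 to be negotiable; PCI DSS v3.1 additionally treats
# TLS 1.0 ("early TLS") as not strong cryptography.
WEAK_PROTOCOLS = frozenset({"SSLv3", "TLSv1"})


def enabled_protocols(directive):
    """Return the set of protocols left enabled by one SSLProtocol line."""
    tokens = directive.split()
    if not tokens or tokens[0].lower() != "sslprotocol":
        raise ValueError("not an SSLProtocol directive: %r" % directive)
    enabled = set()
    for tok in tokens[1:]:
        action = ""
        if tok[:1] in ("+", "-"):
            action, tok = tok[0], tok[1:]
        key = tok.lower()
        if key == "all":
            names = set(ALL_PROTOCOLS)
        elif key in _CANONICAL:
            names = {_CANONICAL[key]}
        else:
            raise ValueError("unknown protocol keyword: %r" % tok)
        if action == "+":
            enabled |= names
        elif action == "-":
            enabled -= names
        else:
            # mod_ssl: a bare keyword overrides anything set earlier
            enabled = names
    return enabled


def weak_protocols_enabled(directive):
    """Sorted list of SSLv3 / early-TLS protocols the directive still allows."""
    return sorted(enabled_protocols(directive) & WEAK_PROTOCOLS)


def audit_config(text):
    """Scan config text; return (line_no, directive, weak) for every active
    SSLProtocol line. Commented-out lines are skipped."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"(?i)sslprotocol\b", line):
            findings.append((n, line, weak_protocols_enabled(line)))
    return findings


# Constructed sample: one vhost on the pre-POODLE default, one that only
# fixed POODLE, one that also meets PCI DSS v3.1.
SAMPLE_CONFIG = """\
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all
</VirtualHost>
<VirtualHost *:8443>
    SSLEngine on
    # SSLProtocol all
    SSLProtocol all -SSLv3
</VirtualHost>
<VirtualHost *:9443>
    SSLEngine on
    SSLProtocol all -SSLv3 -TLSv1
</VirtualHost>
"""

if __name__ == "__main__":
    for line_no, directive, weak in audit_config(SAMPLE_CONFIG):
        verdict = "OK" if not weak else "WEAK: " + ", ".join(weak)
        print("line %d: %-32s %s" % (line_no, directive, verdict))
```

The middle virtual host shows the gap between the two posts: `SSLProtocol all -SSLv3` closes POODLE but still negotiates TLS 1.0, so it would fail the PCI DSS v3.1 requirement. Run it against a real configuration with `audit_config(open(path).read())`; note that a directive inside a `<VirtualHost>` overrides the server-wide one, so each active line needs to be judged on its own.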

Application Firewall Signature – 201410020822 (Baseline Version Update)

A new baseline version, 201410020822, is now available for ZZ Servers’ Application Firewall, and ZZ Servers will be performing baseline version updates on the Application Firewall. ChangeLog for Baseline Version 201410020822: Changed rule: bash injection CVE-2014-6271 and CVE-2014-7169. Reason: IMPORTANT: We will enable "apply_patterns_to_keys" in the BaselineProtectionHandler for full protection against ShellShock. If you have… Read more »
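The changelog's point is that a ShellShock signature checked only against header and parameter values can be bypassed by putting the payload in a parameter name. The following is an added example, not ZZ Servers' Application Firewall code: it models the two settings of an `apply_patterns_to_keys` switch (the option name is from the changelog; the function and request names are this example's own) on constructed sample requests, with the same bash-injection pattern for CVE-2014-6271 / CVE-2014-7169 in both cases.

```python
"""Why a ShellShock signature must be applied to request keys, not only
values.

Added example, not ZZ Servers' Application Firewall code. It models the
behaviour the changelog describes: the bash-injection pattern checked
against header and parameter values only, versus against parameter names
as well. 'apply_patterns_to_keys' is the option name from the changelog;
scan_request and the sample requests are this example's own constructs.
"""
import re
from urllib.parse import parse_qsl, quote

# ShellShock trigger: a bash function definition '() {' at the start of an
# environment variable's value. CGI copies header values into variables
# such as HTTP_USER_AGENT, and some applications export parameters too.
SHELLSHOCK = re.compile(r"\(\)\s*\{")


def scan_request(headers, query, apply_patterns_to_keys=False):
    """Return a list of (location, text) for every field the rule matched.

    headers: dict of header name -> value
    query:   raw query string (or urlencoded body)
    """
    hits = []
    for name, value in headers.items():
        if SHELLSHOCK.search(value):
            hits.append(("header:%s" % name, value))
    for key, value in parse_qsl(query, keep_blank_values=True):
        if SHELLSHOCK.search(value):
            hits.append(("param:%s" % key, value))
        # The weak setting never looks at the key itself.
        if apply_patterns_to_keys and SHELLSHOCK.search(key):
            hits.append(("param-name", key))
    return hits


# Constructed samples: the classic User-Agent payload, the same payload in
# a parameter value, and the same payload as a parameter *name*.
PAYLOAD = "() { :;}; echo vulnerable"
REQ_HEADER_VALUE = ({"Host": "example.test", "User-Agent": PAYLOAD}, "page=1")
REQ_PARAM_VALUE = ({"Host": "example.test"}, "page=" + quote(PAYLOAD))
REQ_PARAM_KEY = ({"Host": "example.test"}, quote(PAYLOAD) + "=1")

if __name__ == "__main__":
    for label, (headers, query) in (("header value", REQ_HEADER_VALUE),
                                    ("param value", REQ_PARAM_VALUE),
                                    ("param name", REQ_PARAM_KEY)):
        values_only = scan_request(headers, query)
        with_keys = scan_request(headers, query, apply_patterns_to_keys=True)
        print("%-12s values-only: %-8s apply_patterns_to_keys: %s"
              % (label, "BLOCK" if values_only else "pass",
                 "BLOCK" if with_keys else "pass"))
```

With the default setting the third request passes straight through, which is the gap the baseline update closes. The same reasoning applies to any signature-based rule: if the backend reads parameter names, cookie names or header names into the environment or a shell, the pattern has to be applied to those keys as well.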