Posts Categorized: Security

PCI DSS and SSL v 3

With widespread and disastrous SSL/TLS vulnerabilities taking place such as POODLE and FREAK, SSL and early TLS versions are no longer considered strong cryptography and any web site that still uses them is insecure. According to the new rules in PCI DSS v3.1, companies have until June 30, 2016 to update to a more recent… Read more »

GHOST – The latest Linux Vunlerability

During a code audit performed internally at Qualys, a buffer overflow in the GNU C Library (glibc) was found. Qualys worked closely with Linux distribution vendors to create a patch for all distributions impacted. Vendors made the patch available Wednesday January 28, 2015. GHOST exposes a buffer overflow that can be triggered locally and remotely… Read more »

Protecting Against the POODLE SSLv3 Vulnerability

Introduction On October 14th, 2014, POODLE (Padding Oracle On Downgraded Legacy Encryption), a vulnerability in version 3 of the SSL encryption protocol was disclosed. This vulnerability allows an attacker to read information encrypted with this version of the protocol in plain text using a man-in-the-middle attack. Even though SSLv3 is an older version and is… Read more »

Bash Security Vulnerability Patch Instructions

A new major security vulnerability impacting Linux customers who leverage Bash as their shell was announced in Sepetember. ZZ Servers strongly recommends customers exposed to this vulnerability apply the appropriate security patch as soon as possible. Below are instructions for patching your systems: For Debian or Ubuntu, run the following command:   apt-get update &&… Read more »

Managing Partner, David M. Zendzian, to give presentation on SSL/TLS protocol, security and configuration issues

Managing Partner, David M. Zendzian, will be giving a short presentation on SSL/TLS protocol, security and configuration issues on Brighttalk tomorrow at 12 EST. SSL is a well designed protocol to ensure communications between two points are secured and that 3rd parties are not able to view the protected communications. As such many applications have… Read more »