Many of us take for granted that if we're diligent about keeping our systems current with the latest security updates, we're protected from threats. Unfortunately, this isn't the case.
On Oct. 15, 2014, Google security researchers revealed a vulnerability called POODLE (Padding Oracle On Downgraded Legacy Encryption) in an older SSL protocol (SSL v3.0) that many services and browsers still have in use. SSL is the security technology used to create an encrypted link between a web server and a browser, ensuring that the data passed remain private.
Although there are newer protocols not vulnerable to the SSL v3.0 exploit, many browsers still allow for its use. The good news is that many companies are taking immediate steps to discontinue its use.
What Do I Do?
Fixing POODLE is relatively simple. The first thing you'll want to do is test each of the browsers you have installed (whether you use them or not). To do the test, go to POODLE Test. When the page loads, you'll see a picture of a dog at the top of the page. If it's a Springfield terrier, your browser is not vulnerable to the exploit. If you see a Poodle, SSL v3.0 is enabled in your browser, and you'll need to turn it off.
This page will guide you through the simple steps for disabling SSL v3.0 in the most popular browsers.
Note to Apple users: Apple has indicated this vulnerability has been patched in Safari, but it's never a bad idea to verify your security.
Thanks to Katie Lay of HIPAA Risk Management for this tip. Ms. Lay is coauthor of HIPAA Security: Compliance and Case Studies, available in the TMA Education Center.
Published Nov. 11, 2014
TMA Practice E-Tips main page
Last Updated On
December 20, 2016