VisiCom Services Blog

VisiCom Services has been serving the Rochester Hills area since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Microsoft Fixes Dangerous POODLE SSL Vulnerability

b2ap3_thumbnail_Poodles_400.jpgA while back we discussed the POODLE vulnerability found in SSL 3.0 SSL encryption technology. This vulnerability is found in all operating systems, as it is found within the web browser’s abilities to process SSL encryption. Thankfully, major companies are stepping up to tackle the issue, and Microsoft has released a basic solution to fix the vulnerability in Internet Explorer.

The POODLE vulnerability itself is used to obtain information encrypted with SSL technology by analyzing web traffic. This technique is used to steal information such as credit card numbers, Social Security numbers or other private information. In non-tech speak, SSL (Secure Socket Layers) is an encryption protocol used to keep data safe on the web through security certificates. This method of encryption has long since been replaced by the more secure protocol TLS (Transport Layer Security), but several systems will revert back to their old SSL certificates in the event something has gone wrong with their TLS. TLS isn’t vulnerable to this issue, so in theory, a hacker could force their way into a network, exploiting the traffic coming in and out of the network for any worthwhile information.

According to the Microsoft security advisory, hackers exploit a man-in-the-middle attack to take advantage of this vulnerability:

In a man-in-the-middle (MiTM) attack, an attacker could downgrade an encrypted TLS session forcing clients to use SSL 3.0 and then force the browser to execute malicious code. This code sends several requests to a target HTTPS website, where cookies are sent automatically if a previous authenticated session exists. This is a required condition in order to exploit this vulnerability. The attacker could then intercept this HTTPS traffic, and by exploiting a weakness in the CBC block cipher in SSL 3.0, could decrypt portions of the encrypted traffic (e.g. authentication cookies).

Due to the nature of POODLE as a design flaw, it’s not something that can easily be patched. Therefore, most experts are saying that you’re better off disabling SSL 3.0 for their web browsers. Most servers don’t rely on SSL 3.0 anymore, which makes it obsolete. In fact, most major browsers are looking to disable SSL 3.0 completely within the next few months. Firefox is fixing the issue with the November upgrade, while Google is working to disable SSL 3.0 on all of its products. This makes the vulnerability obsolete for two of the biggest browsers, but what about Internet Explorer?

Turns out Microsoft has a way to fix that one, too. Microsoft has released a Fix It tool, which can help users disable SSL 3.0 without navigating through their Control Panel. Just click here for the tool on their official website. Otherwise, you must disable SSL 3.0 and enable TLS 1.0, 1.1, and 1.2. Follow these steps to do so:

poodle in blog 1

In the Internet Explorer Tools menu (or your PC’s Control Panel), click Internet Options.

poodle in blog 2

In the Internet Options window, click the Advanced tab.

poodle in blog 3

Scroll down to the Security section. Notice there are checkboxes next to the available SSL and TLS options. Uncheck Use SSL 3.0, and check the following: TLS 1.0, TLS 1.1, and TLS 1.2. Be sure to check all of the TLS versions. Failing to do so could result in connection errors.

Finally, click OK, exit, and restart Internet Explorer. This allows Internet Explorer to refuse a connection with any servers which only support SSL, which ensures that the web traffic isn’t vulnerable to the POODLE vulnerability.

VisiCom Services believes that quality security is key to a minimal-risk online environment. This fix isn’t a viable replacement for the latest security updates and patches, so you will want to ensure that you are always running the most up-to-date versions of your software, applications, and especially your operating system.

VisiCom Services can apply all of these patches for your business’s systems so you don’t have to. Call us today at 248.299.0300 to learn more.

Continue reading
0 Comments

Are Ghosts Haunting the Halls of Your Servers?

b2ap3_thumbnail_haunted_pc_400.jpgThough not everyone believes them, we all know about the horror stories of the spirits of the dead that linger in this world, haunting locations where no one dares to tread. Every culture, though their beliefs vary, contains them to some degree. Their purpose is unknown, and they are thought to be caused by unfulfilled desires or regrets. But regardless of whether or not you believe in them, you better believe that your business can very well be haunted by ghost servers.

Continue reading
0 Comments

Warning: Updated Cryptowall Ransomware Strikes Again

b2ap3_thumbnail_ransomware_attack_400.jpgAs a business owner, you want to take every precaution against the latest threats that can affect your way of life. An updated threat called Cryptowall 2.0 (previously known as Cryptolocker) has been cut loose by malware developers, and it's capable of dealing irreparable damage to your business's network and data. This spear-phishing variant has the power to grind your network's files to dust, and in turn, your productivity.

Continue reading
0 Comments

Tip of the Week: How to Protect Yourself from IT Equipment Theft

b2ap3_thumbnail_it_equipment_theft_400.jpgHow often do you deal with your company-owned IT equipment? Some businesses keep detailed records of their equipment and use security measures and policies to prevent theft; but if your business doesn't protect its equipment, you could be digging a hole into your budget without realizing it.

Continue reading
0 Comments

Caution: New Bash Bug Vulnerability Might Leave You with Shellshock

b2ap3_thumbnail_bash_bug_vulnerability_400.jpgFor users of Unix-based operating systems, there's a new threat on the loose. The vulnerability, promptly called the Bash bug, or "shellshock," is targeting systems equipped with Linux and Mac OS X. The bug allows remote users to execute arbitrary code within the operating system.

Continue reading
0 Comments

Half of Your Employees Would Steal from You if Fired

b2ap3_thumbnail_former_employee_theft_400.jpgIn a survey by Cyber-Ark, close to half of employees interviewed admitted that if they were fired tomorrow, they would take with them their former company's proprietary data. This is a shocking revelation considering how much you trust your current staff, maybe even to the point of referring to them as "family." What can you do to protect your business from a former employee with ill intentions?

Continue reading
0 Comments

In Light of Major Retail Hacks, Protect Your Credit Card Numbers

b2ap3_thumbnail_protect_your_credit_card_400.jpgThe Target data breach seems but a distant memory now, yet the same malware strikes again, this time at Home Depot. The hacking attack targeted the millions of credit and debit cards used at these large retailers, but these attacks could have been mitigated with proper precaution.

Continue reading
0 Comments

4½ Million Medical Records Compromised. Are Your Health Secrets Safe?

b2ap3_thumbnail_healthcare_hacker_400.jpgWe've got yet another major data breach to report that affects millions of users, this one of a very personal nature. This week, it was revealed that Chinese hackers compromised 4.5 million medical records from Community Health Systems, a hospital network with 206 facilities in the United States. Ask your doctor today if identity theft prevention is right for you.

Continue reading
0 Comments

Are You Being Hacked by Your Neighbor’s Cat?

b2ap3_thumbnail_hacked_by_neighbors_cat_400.jpgYes, you read that title right. If your WiFi isn't protected, you can be hacked by the furry little creature that wanders around your backyard when you're not home. Coco, a Siamese cat from Washington, D.C., was able to discover dozens of weak or unprotected WiFi networks in his neighborhood with his high-tech collar.

Continue reading
0 Comments

Malware BadUSB Challenges Our Dependency on USB Technology

b2ap3_thumbnail_usb_malware_400.jpgYour office is likely full-to-bursting with devices utilizing USB technology. It's been a popular way to connect external devices to PCs since the 1.1 version was released in 1998. However, it may be the technology's popularity that will cause its downfall as hackers develop ways to use the device to their advantage.

Continue reading
0 Comments

Is Antivirus on Its Last Leg?

b2ap3_thumbnail_does_antivirus_still_protect_you_400.jpgAll of the recent vulnerabilities and bugs over the past few months, such as Heartbleed, GameOver Zeus, and the zero-day Internet Explorer vulnerability have many people thinking - just how strong is antivirus in the face of such threats? Symantec told The Wall Street Journal their opinion on the subject: Antivirus is "dead."

Continue reading
0 Comments

Avast Recovers Hundreds of Naked Pictures from Secondhand Android Smartphones

b2ap3_thumbnail_cell_phone_data_400.jpgSmartphone users routinely cycle out their old device for a new one every two years or so. When it's time to upgrade, many users see an opportunity to sell their old phone for extra cash. However, a device that's improperly wiped of its data could lead to identity theft if the data is recovered by the new owner.

Continue reading
0 Comments

Would Anti-Surveillance Technology Prevent NSA Spying, or Weaken National Security?

b2ap3_thumbnail_you_are_being_watched_400.jpgOn Saturday, July 21st 2014, the Hackers on Planet Earth (HOPE) conference took place in New York City. It's a place where hackers discuss ways to improve the society in which we live. One of the more controversial panelists, Edward Snowden, has suggested hackers pool their efforts into creating anti-surveillance technology to decrease government espionage.

Continue reading
0 Comments

Apple Enthusiasts, Look Out: iOS May Sport Hidden Backdoors for Apple and Law Enforcement

b2ap3_thumbnail_ios_has_vulnerabilities_400.jpgApple's iOS operating system is notorious for being fairly secure from external attacks, but what about internal threats? There have been reports of backdoors being found in the operating system, which allow Apple and subsidiaries of the law (i.e. the NSA) to access devices that run it.

Continue reading
0 Comments

Hackers Want to Keep You in the Dark

b2ap3_thumbnail_hackers_want_to_take_everything_400.jpgWhen it comes to hackers, they are shrouded in darkness and treachery. They lurk in the shadows, waiting for us to make a mistake and to steal our life savings, or other equally nefarious things. But there are a few assumptions that they make concerning their prey, and they wish to hide these from us at all costs.

Continue reading
0 Comments

Alert: Cryptolocker Threat Returns with a Vengeance!

b2ap3_thumbnail_warning_malware_400.jpgTwo weeks ago, the National Communications Administration managed to weaken a set of malware designed to steal banking and personal credentials from unsuspecting users. They warned the world that GameOver Zeus and Cryptolocker ransomware would be back with a vengeance, and that immediate action could prevent a whole lot of pain later.

Continue reading
0 Comments

Danger: GameOver Zeus Botnet Threatens Windows Users

b2ap3_thumbnail_gameover_botnet_400.jpgA new botnet threat could spell "game over" for unaware Windows users - the threat targets almost all versions of Windows and Windows Server (excluding Windows 8.1). Even though the Department of Homeland Security, Federal Bureau of Investigation, and Department of Justice have disrupted it, users are still at risk. Thankfully, they still have time - two weeks, until the threat returns.

Continue reading
0 Comments

Protect Your Little Bundle of Joy, Before You Get a Bundle of Terror Instead!

b2ap3_thumbnail_protect_your_family_400.jpgToday's home has all sorts of conveniences when it comes to security and wireless devices, such as mobile-controlled security systems, temperature gauges, and light switches. These devices can also be connected to the Internet for ease of access. You think it's safe behind passwords, firewalls, and security applications, but you're wrong. Anything that's connected is at risk - even baby monitors.

Continue reading
0 Comments

For Hackers, Microsoft Security Patches are Roadmaps to Access Your Data

b2ap3_thumbnail_windows_eight_point_one_400.jpgLately, there's been a string of computer security issues making the news, like the vulnerability found within Internet Explorer, the Heartbleed bug, and the host of issues associated with the recently-expired Windows XP. Is it possible that the security patches issued by Microsoft are making the problem worse for users of older systems like Windows XP?

Continue reading
0 Comments

Alert: Siri’s Leaking Secrets - iPhone Lock Screen Vulnerability

b2ap3_thumbnail_ios_vuln_400.jpgApple's iOS 7.1.1. operating system has been affected by a series of bugs throughout this month. The first bug was emails being sent unencrypted, but now a new threat lurks in the shadows - a lock screen flaw that allows hackers to access your contacts list without unlocking the phone.

Continue reading
0 Comments

Sign Up For Our Newsletter

Powered by ChronoForms - ChronoEngine.com

Mobile? Grab this Article!

QR-Code dieser Seite

Recent Comments

Tip of the Week: Tip of the Week: Mirror or Cast Your Android Device’s Screen
14 September 2017
Usually I don't refer spending time like these categories subjects and website but really the blog w...
Tip of the Week: 4 Google Chromecast Features that May Surprise You
05 September 2017
I’m really satisfied to find this site.I need to thank you only for this brilliant read!!I unquestio...
Microsoft OneNote May Be the Best Note-Taking Tool on the Market
27 June 2017
I blog frequently and I really value your substance. The article has really crested my advantage. I ...

Latest Blog Entry

14 November 2018
Visicom Blog
How To
While running a business can be quite rewarding on a professional level, it can be extremely challenging, with countless obstacles to overcome--particularly in regard to technology and its management....

Latest News

Contact Us

Learn more about what VisiCom Services can do for your business.

callphone

Call us today    248.299.0300

2534 S Rochester Road
Rochester Hills, Michigan 48307

#