One Day, Two Scares, Zero Drama

It’s not Halloween yet guys, so – despite a new flaw and bug being brought to light in the same day – it’s not quite time to split up and head for the extremely suspect looking house/forest/fairground like a bunch of reckless teens in a horror film. Yesterday news of two new scares came out – dubbed SSL Poodle and SandWorm respectively – but are they things we should be worried about or just more scaremongers with c-grade nicknames trying to make a rep’ for themselves under the bright lights of the internet?

SandWorm

OK, first up we have SandWorm – a bug that targets Windows and has a limited reach. We’re talking low/medium risk, but a risk nonetheless. It got its nickname from references to the sci-fi series Dune found in the software code.

The good news is that it only affects anyone opening an infected doc – mostly PowerPoint – so, as usual, good online safety practices are encouraged, and don’t open the door to the wolves.

Microsoft has issued update KB MS14-060 to patch these issues for all servers with Microsoft Office installed.

Next Steps:

If you use UKFast update servers, you don’t need to take any action; this update is already available on our update systems and will be applied to your server in the normal Windows Update cycle over the next 72 hours.

SSL Poodle

Don’t be deceived by the slightly more ‘cuddly’ name of our second vulnerability, Poodle (Padding Oracle on Downloaded Legacy Encryption) – this bad boy is a little more serious. It’s found in the SSL 3.0 protocol, a legacy protocol used to encrypt communications. It can be used to let hackers grab session cookies over HTTPS connections (basically decrypting sensitive information as it passes between supposedly secure points). But chill your beans, because this man-in-the-middle (MiTM) attack isn’t as bad as Heartbleed or Shellshock, and is harder to exploit in the wild unless you have access to the network at both ends.

The quickest way to secure your server is to disable SSL v3. This will completely eliminate the vulnerability, but will cause issues for IE6 users connecting to your website.

Google has removed SSL 3.0 support for Chrome. Websites and other browsers are also expected to end support for SSL v3 as it’s now considered insecure by design, and instead enforce the use of TLS for HTTPS connections.

Computer security expert Robert Graham said: “POODLE allows the hacking of clients – your web browser and such. If Heartbleed or Shellshock merited a 10, then this attack is only around a five.

“What the hacker will try to do is hack your session cookies. That means they won’t get your password for your account, but they will be able to log in as you into your account. Thus, while you are at Starbucks, some hacker next to you will be able to post tweets in your Twitter account and read all your Gmail messages.”

Next Steps:

A good guide for patching your Linux and Windows Servers can be found at:

Linux

http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566

Windows

Simply edit your registry with the following settings and reboot:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

If you have any questions please contact support.

If you have any questions about security solutions at UKFast take a look at our website or give us a call on 0800 045 4945.