Web encryption bug ‘Poodle’ has trotted out in the wake of Heartbleed, Shellshock and Sandworm — all pun-worthy names for potentially very serious problems.
While Poodle is predicted to wreak less havoc than its cohorts, the same key lesson applies to organisations across the globe, says Digital Craftsmen MD Simon Wilcox: if your IT infrastructure isn’t being proactively maintained, you are leaving yourself open to attack.
The onus is on systems administrators and hosting companies to ensure websites aren’t compromised and users exploited, says Wilcox.
“If you’re just buying Infrastructure as a Service this sort of issue is not going to be fixed for you,” comments the Digital Craftsmen MD.
“But when you’re using a managed hosting provider such as Digital Craftsmen, the team has ‘got your back’ and can fix these things before they become an issue.”
Poodle has teeth, but its bite lies in a sliver of encryption protocol that’s nearly two decades old.
The worry is that a simple software bug could allow hackers to force an internet user’s connection to downgrade to SSL 3.0, an 18-year-old encryption protocol.
The pay-off? A downgrade would give a hacker access to cookies: the data stored in your browser, spanning all sorts of personal information such as usernames and passwords.
“When one of our clients was potentially exposed to a viral attack,” continues Wilcox, “we immediately identified the threat and made sure that it was neutralised. This is what a hosting partner does: spot an issue before it becomes a problem.”