Now you might be saying "hey you already showed us this document" but not only has it been updated in the last week, it has some new tools for our toolbox! Revisit MOS article "ALERT - Mitigating the SSLv3 “POODLE” Vulnerability in Oracle Linux (CVE-2014-3566)" via note ID 1940202.1 and find out how to use command line checks to verify what SSL versions are being used! Why is this useful? Well what if you wanted to make one file that dials out to all your servers just to gather data about them? It would be nice to know if they were potentially vulnerable to something like this, right? Now you can if you run these commands!
Of course this also has detailed steps, patches, and setups required to turn off SSL for many different types of software!
No comments:
Post a Comment