You’ve seen the headlines about POODLE alongside images of menacing fluffy dogs. We have an update on the current extent of the breach as well as a tool enterprises can use to quantify exposure to POODLE within their own corporate environments.
Last week, we wrote about the POODLE vulnerability first reported on October 14 by three Google security researchers (see original post here). Our blog post provided a POODLE 101 breakdown, explained the risk of this particular SSL vulnerability, and recommended the steps you can take to protect your company’s data.
As of this posting, the number of cloud services that are vulnerable to POODLE has dropped from 4,704 to 2,844. This means that 2,844 of cloud providers have not yet addressed POODLE with a fix, alarming security experts that expected quicker resolution on the part of major cloud service providers. Skyhigh recommends that these providers start looking at their SSL stack configuration and disabling previous versions of SSLv3.
Skyhigh has identified the cloud service providers that are still at risk of getting their SSL v3 connections hijacked and decrypted. We’re offering a free POODLE audit to any organization interested in understanding their services in use that are still vulnerable. Email us at firstname.lastname@example.org to get started.