Choose your language preference Choose your language preference Choisir votre préférence de langue Wählen Sie Ihre Sprache あなたの言語好みを選びなさい

SSL POODLE Advisory for Conferencing services - November 21, 2014


November 21, 2014

Subject: SSL POODLE Vulnerability for Conferencing Services

Dear Conferencing Customer:

POODLE "Padding Oracle On Downgraded Legacy Encryption" (CVE-2014-3566) is the name for a type of attack that uses a vulnerability for an old, and for the most part not used, encryption protocol, SSLv3 that is used to secure connections to remote computers over the internet.

There are more up to date encryption protocols that should be used in place of SSLv3 including TLS 1.0, TLS 1.1 and TLS 1.2. Most applications / systems should disable SSLv3 support and switch to TLS.

The Conferencing Center is fully aware of the POODLE vulnerability and is taking proper action to address the vulnerability with priority focus by conducting comprehensive due diligence activities across our enterprise, including:



Further, Cisco and Microsoft have notified Conferencing Support of the SSL POODLE security advisory related to the Cisco WebEx suite of products and the Microsoft® Office Live Meeting product. Cisco has provided a website where you can track their on-going updates below. Microsoft remediated our Microsoft Office Live Meeting servers on October 23rd.

The Cisco advisory is available at the following link


If you have any further questions or concerns, don't hesitate to contact your Conferencing account manager for further information.

Customer questions for net conferencing products are being directed to Conferencing Support at nettech@verizon.com or 866-449-0701. Also, you may submit your inquiry via the following Contact Us link.

Conferencing Support
HOST: ndcmmmp02/127.0.0.1