SSL POODLE Advisory for Conferencing services - November 21, 2014
November 21, 2014
Subject: SSL POODLE Vulnerability for Conferencing Services
Dear Conferencing Customer:
POODLE ("Padding Oracle On Downgraded Legacy Encryption", CVE-2014-3566) is the name for a type of attack that exploits a vulnerability in SSLv3, an old and for the most part unused encryption protocol that secures connections to remote computers over the internet.
More up-to-date encryption protocols should be used in place of SSLv3, including TLS 1.0, TLS 1.1 and TLS 1.2. Most applications and systems should disable SSLv3 support and switch to TLS.
The Conferencing Center is fully aware of the POODLE vulnerability and is addressing it as a priority by conducting comprehensive due diligence activities across our enterprise, including:
- Discovery - assessing our networks & systems to identify where the vulnerability exists.
- Device inventory - identifying affected systems by type and applicable vendors.
- Remediation - if any instances are found where SSLv3 (or earlier versions) is still enabled, we will take prompt action to disable SSL 3.0 and enable TLS 1.0, TLS 1.1, and TLS 1.2 wherever possible based on risk assessment of class and type of machine, with priority given to the most critical systems and networks.
Further, Cisco and Microsoft have notified Conferencing Support of the SSL POODLE security advisory related to the Cisco WebEx suite of products and the Microsoft® Office Live Meeting product. Cisco has provided a website, linked below, where you can track their ongoing updates. Microsoft remediated our Microsoft Office Live Meeting servers on October 23rd.
The Cisco advisory is available at the following link
If you have any further questions or concerns, don't hesitate to contact your Conferencing account manager for further information.
Customer questions for net conferencing products are being directed to Conferencing Support at nettech@verizon.com or 866-449-0701. Also, you may submit your inquiry via the following Contact Us link.
Conferencing Support