Wednesday 21 January 2015

Oracle Java SSL 3.0 Switches Off


To protect users from attack Java, Oracle SSL 3.0 disabled in the software. The measure is part of the security update that appeared Tuesday. "This Critical Patch Update disables the standard use of SSL 3.0. SSL 3.0 will be considered an obsolete protocol and this situation is exacerbated by the POODLE-leak. As a result, this protocol widely attacked by malicious hackers," says Eric Maurice Oracle.

The POODLE-vulnerability in SSL 3.0 ensures that an attacker who between a user and the Internet to know places, for example in an open Wi-Fi network, can steal information from encrypted connections, such as session cookies. Maurice gives organizations advised to discontinue use of all SSL versions, as it is no longer the safe communication between systems can be trusted.

Also Oracle customers have to change their code and switch to a more secure protocol such as TLS 1.2. Oracle employee further notes that Oracle in the future SSL in all Oracle software will turn off. Besides disabling SSL 3.0 update also fixes 19 vulnerabilities in Java, which in the worst case, an attacker can give full control over the system.

No comments:

Post a Comment