On October 14, 2014, security analysts from Google announced an issue with SSL 3.0 the exploit allows for "secure traffic" to be viewed in plain text.

iDashboards In Cloud Status

To address the newly-discovered SSL 3.0 security vulnerability iDashboards has promptly disabled SSL 3.0 on all of our Cloud servers.  HTTPS is still enabled via other security protocols and traffic will continue to be encrypted via these protocols.

<br/>

Our Advice

Protect Your Browser

Disable SSLv3 on your browser. This will also protect you from sites that use SSL 3.0.

If you have Chrome/Firefox updated you can use newer protocols like TLSv1 or above. If you have Internet Explorer 7 or less then experts recommend that you upgrade your browser to a newer version or use another browser/operating system.

In Firefox, this can be done by going to about:config and setting 'security.tls.version.min' to 1.

<br/>

Informational Links

• http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
• https://www.openssl.org/~bodo/ssl-poodle.pdf
• https://access.redhat.com/articles/1232123
• http://marc.info/?l=openssl-dev&m=141333049205629&w=2

<br/>

OpenSSLs Update Notes

• https://www.openssl.org/news/secadv_20141015.txt