SSL POODLE Advisory for Verizon Conferencing services - November 21, 2014
November 21, 2014
Subject: SSL POODLE Vulnerability for Verizon Conferencing Services
Dear Verizon Conferencing Customer:
POODLE "Padding Oracle On Downgraded Legacy Encryption" (CVE-2014-3566) is the name for a type of attack that uses a vulnerability for an old, and for the most part not used, encryption protocol, SSLv3 that is used to secure connections to remote computers over the internet.
There are more up to date encryption protocols that should be used in place of SSLv3 including TLS 1.0, TLS 1.1 and TLS 1.2. Most applications / systems should disable SSLv3 support and switch to TLS
Verizon is fully aware of the POODLE vulnerability and is taking proper action to address the vulnerability with priority focus by conducting comprehensive due diligence activities across our enterprise, including:
Further, Cisco and Microsoft have notified Verizon of the SSL POODLE security advisory related to the Cisco WebEx suite of products and the Microsoft® Office Live Meeting product. Cisco has provided a website where you can track their on-going updates below. Microsoft remediated our Microsoft Office Live Meeting servers on October 23rd.
The Cisco advisory is available at the following link
If you have any further questions or concerns, don't hesitate to contact your Verizon Conferencing account manager for further information.
Customer questions for net conferencing products are being directed to Conferencing Support at firstname.lastname@example.org or 866-449-0701. Also, you may submit your inquiry via the following Contact Us link.
Thank you for choosing Verizon Conferencing
Verizon Conferencing Support