Another one like Heartbleed?
Yes, after Heartbleed and Shellshock, we have another threat. Like Heartbleed, this one lets a man-in-the-middle attacker view SSL-protected information in plaintext. That means information sent over a private channel can be read in plain text: private things like transactions and online banking.
It affects servers and browsers. If you use Google Chrome you have already been patched, and Firefox is patching in a nightly update this evening (Oct 14). Servers will need to have the SSL 3.0 fallback deprecated and removed. If you are one of our clients you have already been patched; if not, we can check your Linux-based system (most servers are Linux) for you, contact us here. If you are server savvy and want to remove the 3.0 fallback on a Debian-based system, keep reading. Take note that eliminating the fallback to 3.0 can affect older or newer browsers that have not been patched.
Poodle SSL 3.0 fallback fixes for Ubuntu / Debian Linux
Nginx Server fix Ubuntu / Debian
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# restart the server below
sudo service nginx restart
Apache Server fix Ubuntu / Debian
SSLProtocol All -SSLv2 -SSLv3
# restart the server below
sudo service apache2 restart
Postfix SMTP
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
# restart postfix
sudo service postfix restart
You can also get the patch info for the OpenSSL 1.0.1 branch here.
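To confirm the edits took effect, here is an added example (not part of the original post): a small Python check that reads the three directives shown above and reports whether each one still leaves SSLv3 enabled. The function names and sample lines are constructed for illustration, and the Apache rule assumes `All` includes SSLv3, as it did on builds of that time.

```python
import re

def nginx_allows_sslv3(value):
    # nginx ssl_protocols is an allow-list: SSLv3 is on only when it is listed.
    return "sslv3" in value.lower().split()

def apache_allows_sslv3(value):
    # mod_ssl applies tokens left to right: "+x" adds, "-x" removes, a bare name
    # replaces the set. Assumption: "All" includes SSLv3 (2014-era builds).
    every = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}
    enabled = set()
    for tok in value.lower().split():
        names = every if tok.lstrip("+-") == "all" else {tok.lstrip("+-")}
        if tok[0] == "-":
            enabled -= names
        else:
            enabled = enabled | names if tok[0] == "+" else set(names)
    return "sslv3" in enabled

def postfix_allows_sslv3(value):
    # Postfix: "!proto" excludes and always wins; with no inclusions, the rest stay on.
    toks = [t.lower() for t in re.split(r"[,\s:]+", value) if t]
    included = [t for t in toks if not t.startswith("!")]
    return "!sslv3" not in toks and (not included or "sslv3" in included)

CHECKS = {"ssl_protocols": nginx_allows_sslv3, "sslprotocol": apache_allows_sslv3,
          "smtpd_tls_mandatory_protocols": postfix_allows_sslv3}

def audit(config_text):
    """Return (line_no, directive, sslv3_allowed) for each known directive line."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip().rstrip(";")
        m = re.match(r"([A-Za-z_]+)\s*=?\s*(.*)", line)
        if m and m.group(1).lower() in CHECKS:
            findings.append((no, m.group(1), CHECKS[m.group(1).lower()](m.group(2))))
    return findings

# Constructed sample: each directive from the page, before and after the fix.
SAMPLE = """\
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
SSLProtocol All -SSLv2
SSLProtocol All -SSLv2 -SSLv3
smtpd_tls_mandatory_protocols=!SSLv2
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Pass the contents of your own configuration files to `audit()`; any tuple ending in `True` is a directive that still permits SSLv3.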