Information about the Browser Exploit Against SSL/TLS (BEAST) attack was released in September 2011. The attack targeted the lack of security in particular implementations of TLS 1.0. This vulnerability has been pretty much mitigated today (December 2014); however, there are still some older, non-updated systems out there that are vulnerable to this attack. The table below lists the earliest version of each product that mitigated the BEAST attack (and yes, Apple took an inordinately long time to patch this vulnerability):
|Product|Earliest version with BEAST mitigation|
|---|---|
|Apple iOS|iOS 7.0|
|Apple OS-X|OS-X 10.9 (Mavericks)|
|Google Chrome|Version 16|
|Microsoft Windows|MS12-006 on Windows 7/Server 2008 R2 and older|
|Mozilla Firefox|Version 10|
The BEAST attack was followed by the CRIME and BREACH attacks, which have also been mitigated in current browsers and are a low-grade threat at worst these days.
For an easy-to-understand explanation of the Heartbleed bug, have a read of this XKCD comic. To see if your website is affected by the Heartbleed bug, have a look at https://lastpass.com/heartbleed/ (Heartbleed bug only) and https://www.ssllabs.com/ssltest/index.html (Heartbleed and more). Any site that you go to that uses the "https" protocol can be checked to ensure it is running a version of OpenSSL that is not vulnerable to this attack. If the site *still* has not been updated, I'd suggest speaking with the vendor, outing them on social media, removing your account and changing any passwords and/or information that was stored on that site.
To read more on the POODLE Attack and how to ensure you're doing everything you can to protect against it, have a read of https://scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-kills-off-protocol/ and then go to https://www.poodlescan.com/ and https://www.ssllabs.com/ssltest/index.html to confirm your server mitigations have been invoked. There's also a funky little tool from Nartac Software called IISCrypto that can help you properly configure your Windows IIS to mitigate against POODLE and other vulnerabilities.
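The core of what such a server scan checks is whether the server will still agree to SSL 3.0, the protocol version POODLE depends on. The sketch below is an added example, not code from any of the tools named above: it builds an SSL 3.0-only ClientHello and classifies the first record of the reply. The function names and the sample replies are constructed for illustration, and `probe()` is meant for a server you administer.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"
# CBC suites (the kind POODLE targets): 3DES-EDE-CBC-SHA, AES128-SHA, AES256-SHA
CBC_SUITES = (0x000A, 0x002F, 0x0035)

# Constructed sample replies (not captured from a real server)
SAMPLE_SERVER_HELLO = b"\x16\x03\x00\x00\x2a\x02\x00\x00\x26\x03\x00" + bytes(36)
SAMPLE_ALERT = b"\x15\x03\x00\x00\x02\x02\x28"  # fatal handshake_failure

def build_sslv3_client_hello(random32=bytes(32)):
    """Build a ClientHello record that offers SSL 3.0 and nothing newer."""
    suites = b"".join(struct.pack("!H", s) for s in CBC_SUITES)
    body = (SSL3 + random32 + b"\x00"                  # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                             # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type 1, 24-bit length
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def classify_response(data):
    """Classify the first record of the reply to an SSL 3.0-only hello."""
    if not data:
        return "rejected"            # connection closed or reset without a reply
    if data[0] == 0x15:              # alert record: the server refused the handshake
        return "rejected"
    if len(data) < 5:
        return "unknown"
    length = struct.unpack("!H", data[3:5])[0]
    payload = data[5:5 + length]
    if data[0] == 0x16 and payload[:1] == b"\x02" and payload[4:6] == SSL3:
        return "accepted"            # ServerHello that agrees to SSL 3.0
    return "unknown"

def probe(host, port=443, timeout=5.0):
    """Send the hello to host:port and classify the reply (a timeout raises)."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello(os.urandom(32)))
        try:
            # 11 bytes cover the record header, handshake header and server version
            while len(data) < 11 and data[:1] != b"\x15":
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except ConnectionResetError:
            pass
    return classify_response(data)
```

A result of "accepted" means SSL 3.0 is still enabled on that listener. The hello carries no SNI extension, so a server hosting several sites answers with its default configuration.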
The table below lists the earliest version of the products that have mitigated the POODLE Attack:
|Product|Earliest version with POODLE mitigation|
|---|---|
|Apple iOS|iOS 8.1|
|Apple OS-X|OS-X Security Update 2014-005 (Mavericks & Mountain Lion)|
|Google Android|Chrome - still waiting|
|Google Android|Samsung Browser - still waiting|
|Google Chrome|Version 39|
|Microsoft Windows|Temporary Fix it released, also shows Group Policy fix|
|Mozilla Firefox|Version 34|
If you want to see if your client (browser) is susceptible to the POODLE Attack, go to https://www.poodletest.com/. If your browser is vulnerable, don't trust it to keep your data secure.
The Outspoken Wookie