SSLv3 POODLE vulnerability on your server and the fixes

The SSLv3 Poodle vulnerability which was released on October 14th 2014, is an attack on the SSL 3.0 protocol and it is completely protocol based vulnerability.

POODLE stands for “Padding Oracle On Downgraded Legacy Encryption”. The padding attack happens when a plain text is converted to ciphertext. The plain text message often has to be expanded to be compatible with the underlying cryptographic structure and the leakage of data mainly occur during the decryption of the cipher text.

The SSLv3 poodle vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle attack. Continue reading…

CalDAV and CardDAV in cPanel 11.50

As we are aware, cPanel has introduced the latest stable version cPanel 11.50.

Many new features are implemented in the latest version , which includes but are not limited to :.

  • Support for CentOS 7 on fresh installations
  • Synchronized Calendar & Contacts
  • Greylisting : Protect your server against spam, Greylisting defers email received from new, unknown triplets
  • Passive OS fingerprinting (p0f) : Improved the GeoIP identifier and added operating system and other information to email notifications. This information helps you quickly identify users that trigger events.
  • Changes to new cPanel user system IDs : Changed the possible numbers for new cPanel accounts’ User IDs (UIDs) and Group IDs (GIDs).

In this article, let’s see more about synchronizing Calendar & Contacts using CalDAV and CardDAV. Continue reading…