Wednesday, October 01, 2014
No Millennia Group servers, network appliances, or network connected devices were ever affected by the recently disclosed "Shellshock" bug (CVE-2014-6271). Shellshock affects an open-source scripting language known as Bash that is widely used in many operating systems (Linux, Mac, Unix) and network devices (firewalls, routers). No Millennia devices or equipment currently run or have ever run any version of Bash and are entirely unaffected. For more detailed information about how Shellshock works, see fedoramagazine.org.
POODLE (SSL v3 vulnerability)
Google recently discovered and disclosed "POODLE" (CVE-2014-3566), a vulnerability in an older version of the SSL protocol (SSL 3.0) that could allow secure connections to be decrypted by an attacker. Millennia Group has taken steps to protect its customers from exploitation of this vulnerability by disabling any usage of SSL 3.0 on any of our servers. A more modern and secure protocol (TLS) has always been available and utilized for secure connections to Millennia Group websites, and Millennia Group will continue to support the best available protocols for secure connections to its websites and servers. For more information about POODLE, see googleonlinesecurity.blogspot.com.au.