OpenSSL man-in-the-middle vulnerability – Network Gateway product patch information

On June 5th, 2014 a vulnerability (CVE-2014-0224) was found in OpenSSL that impacts our network security products. Fortunately, as of the publication of this article, there are no known in-the-wild attacks. Of course, as you’ve come to expect from Sophos, we’ve wasted no time in getting to work on patches to fix this vulnerability.

The vulnerability exists in OpenSSL and can allow an attacker using a man-in-the-middle attack to decrypt and modify traffic between a vulnerable client and server. Both client and server must be vulnerable for this exploit to work. OpenSSL versions 1.0.1 and 1.0.2-beta are affected.

Continue reading

Sophos Web Appliance now offers Quota Time and ATP

web-appliance-150We’ve recently added a couple of great new features to the Sophos Web Appliance. Enforcement of quota time policies is perhaps one of the most requested features of all time, and like everything else in the Web Appliance, you’ll love how easy it is to manage.

We’ve also recently introduced Advanced Threat Protection (ATP) to quickly identify potentially infected hosts on your network before they can become more of a problem. These new features are included in the latest versions of the Sophos Web Appliance which you’ll receive automatically during your specified update window.

Continue reading