Jump to content
Slate Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate Marble
Slate Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate Marble
Sign in to follow this  
Rss Bot

Secunia: Poodle - a bigger threat in theory

Recommended Posts

By Poul Wann, Security Specialist There has recently been a lot of attention given to the security issue commonly referred to as POODLE (Padding Oracle On Downgraded Legacy Encryption) against the SSL v3 protocol. This security issue, due to its nature as a weakness within a protocol, affects many applications and devices. SSL v3 was introduced by Netscape in 1995 and has been replaced in 1999 by TLS v1.0 which itself has seen continuous updates and refinements, most recently in 2008 with TLS v1.2. Each revision has introduced security hardening and better algorithms. While there has been ample time to migrate away from SSL v3, it is still widely supported. The POODLE security issue allows decryption of captured SSL v3 traffic by means of issuing multiple attacker-controlled requests and analyzing server responses via a Man-in-the-Middle attack. While the flaw in SSL v3 is serious, a proper attack requires tricking a...

View the full article

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×