Thursday, 16 October 2014
A vulnerability in SSL version 3.0 (SSL3.0), CVE-2014-3566, known as "POODLE" was announced on 14 October 2014. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker.
SSL 3.0 is nearly 18 years old, but support for it remains widespread. Most importantly, nearly all browsers support SSL 3.0 and browsers will retry failed connections with older protocol versions, including SSL 3.0 to work around bugs in HTTPS servers. A network attacker can cause connection failures and because of this, they can trigger the use of SSL 3.0 and then exploit this issue.
Reference material can be found here:
Generic advisory is that SSL 3.0 should be disabled in all affected applications, in favor of the newer encryption mechanism TLS (Transport Layer Security).
source text: www.ssh.com
It is interesting that many are regarding this latest NotPetya attack as Cyberwarfare and not Ransomware. The main reasons for this assump...
Off topic.......configuring the zmodo ZP-IBi-13W camera to work with Blue Iris Software. Many people have had issues getting these cameras...
So it looks like the Government will finally get the law passed requiring websites to retain all user browsing activity logs for a minimum o...
After Trend Security Researchers discovered two new flaws in Quicktime they contacted Apple to report the issue. Apple allegedly respond...