Tag: poodle

When it comes to online banking, sub-optimal encryption isn’t our biggest concern

Malware authors and scammers won’t attack the crypto. Under the headline “no zero-day necessary”, Xiphos has published a rather scary blog post on the state of SSL security within the UK’s finance industry. It concludes that more than 50% of UK-owned retail banks have weak SSL implementations on their online banking sites, with 14% of…

January 6, 2016
POODLE is the brown M&Ms of security

Just because it won’t be exploited, doesn’t mean you shouldn’t patch it. There is a famous story about the rock band Van Halen whose lists of requirements when performing a show included some M&Ms — but “absolutely no brown ones”. The story is true and has little to do with childish rock star behaviour. The…

April 30, 2015
POODLE attack forces the Internet to move away from SSL 3.0

Users and administrators urged to stop supporting the protocol, or at least to prevent downgrade attacks. After Heartbleed and Shellshock, or the SSL/TLS attacks CRIME and BEAST, ‘POODLE’ does sound rather cute. Yet the vulnerability in version 3.0 of the SSL protocol that was disclosed by Google researchers yesterday is fairly serious and shouldn’t be…

October 15, 2014