Oct 14 2014

Wake up to a POODLE puddle

Published by at 10:20 pm under Encryption,Hacking,Security Advisories

TL:DR – Disable SSL immediately.

As of this morning SSL appears to be dead or at least dying.  The POODLE vulnerability in SSL was released last night, basically revealing a vulnerability in the way that SSL v3 uses ciphers and allows an attacker to make a plain-text attack against the encrypted traffic.  This makes the third major vulnerability released on the Internet this year and is another warning that this level of vulnerability discovery may be the new shape of things to come.

I’m not going to try to explain POODLE in detail, or give you a nice logo for it.  Instead I’ll just point to the better articles on the subject, a couple of which just happen to be written by my teammates at Akamai.  I’ll add more as I find them, but this should tell you everything you need to know for now.

Update: It’s estimated that SSLv3 accounts for between 1% and 3% of all Internet traffic.

And since there’s not an official logo for it yet, I present …. The Rabid Poodle!

Rabid Poodle

Rabid Poodle

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

3 responses so far

3 Responses to “Wake up to a POODLE puddle”

  1. […] Lane: Wake up to a POODLE puddle. Kudos to Martin for coming up with a list of links of everything you need to know about POODLE […]

  2. Brendon Rosson 28 Dec 2014 at 4:29 pm

    The fact that you include a Too Long, Didn’t Read version is splendid. It’s really great for those of us who don’t always understand the extremely technical side of network security

    Cheers mate

  3. iCompufone.com Hackers Websiteon 23 Apr 2015 at 6:50 am

    POODLE puddle SSL Vulnerability

    POODLE puddle SSL VULNERABILITY , DISABLE SSL TODAY! SSL is becoming quite buggy and from 14th’s of October ; Hackers have discovered another vulnerability in the SSL 3.0 Encryption. Whats behind this POODLE puddle SSL Vulnerability? SSL uses cip…

%d bloggers like this: