A blog on Computer Science, Security, Programming, and more...

HeapSpray Blog » Security » View Post

20
Oct
2014

(TA14-290A) SSL 3.0 Protocol Vulnerability and POODLE Attack

Written by Matt

Release by US-CERT. Another protocol downgrade attack. Similar to the OpenSSH downgrade attack from years ago. Of course, OpenSSL is the culprit again, as was with Heartbleed. What's the point of providing broken security for "legacy" reasons? It's broken.

Link with details of the issue: https://www.us-cert.gov/ncas/alerts/TA14-290A

Topic: Security tags: exploits, US-CERT, openssl, advisories
  • Name and Email fields are optional
  • Your email will not be public, only the administrator can see it
  • You are rate limited to one comment for every 10 minutes