Poodle vulnerability

Poodle Vulnerability 

Padding Oracle On Downgraded Legacy Encryption (POODLE)

The poodle vulnerability has been around as an exploit since 2014.It led to an attack which led to completely disabling SSL 3.0 on the client and server-side to prevent hackers from making use of this man-in-the-middle attack. 2014 also brought us Heartbleed bug, BERserk, and FREAK exploits. That might seem like ancient history in cybersecurity. But history has a freaky way of repeating itself.poodle anime

In 2016 the DROWN attack took advantage of support for SSLv2 protocol and exposed the weakness in more than 81,000 of the top 1 million most popular websites.  As we get closer to 2017, the odds are increasing that the number of exploits will continue to rise.

Krebs is usually a good source of the most up to date info. But it remains a race, and I’m not always sure we’re winning.  http://krebsonsecurity.com/

Poodle in the Park
Black standard poodle

In the meantime, here’s some pictures of poodles to lighten the mood! This is Cleaver Black – destroyer of dragons (blue stuffed ones).

Sleepy Poodle
Let Sleeping Poodles Lie
Poodle in the park
Happy poodle

 

Portrait of a young poodle
Portrait of a young poodle
Cleaver - Destroyer of (toy) dragons
Cleaver – Destroyer of (toy) dragons

Published by

Alex Weblng

BSc, BA (Hons), Gdip Comms, GdipEd, ZOP Alex has 20 years of experience in the Australian Government working in the fields of national security, information and cyber-security, counter-terrorism, , nuclear science, chemical and biological security, protective security and critical infrastructure protection, identity security, biometrics, and resilience. Alex was the foundation Director of the Australian Government computer emergency response team, GovCERT.au (later CERT Australia). He developed and project managed a world first program to train CERTs in developing APEC countries. Alex set up the Trusted Information Sharing Network Resilience Community of Interest in 2008 and produced the first Australian Government Executive Guide to Resilience. Head of Protective Security Policy in 2010, Alex was responsible for launching the revised Protective Security Policy Framework and the single information classification system for the Australian Government. Alex has both significant experience and tertiary qualifications in the CBRN (Chemical, Biological, Radiological and Nuclear) area. He was head of the Chemical Security Branch of the Attorney-General’s Department; responsible for nuclear policy during the construction of the Australian OPAL reactor; and represented the Attorney-General’s Department in the Security Sensitive Biological Agents development process, bringing to it a pragmatic, risk driven approach. As Director of Identity and Biometric Security Policy, Alex was responsible for developing the successful proposal to expand the Australian Document Verification Service into the private sector in 2012. Alex has been a member of the Australasian Council of Security Professionals since 2011 and a registered security professional in the area of Security Enterprise Management with the Security Professionals Register of Australasia.