Padding Oracle On Downgraded Legacy Encryption (POODLE)
The POODLE vulnerability has been around as an exploit since 2014. The attack led to SSL 3.0 being completely disabled on both the client and server side to prevent hackers from making use of this man-in-the-middle attack. 2014 also brought us the Heartbleed bug, BERserk, and FREAK exploits. That might seem like ancient history in cybersecurity. But history has a freaky way of repeating itself.
In 2016, the DROWN attack took advantage of support for the SSLv2 protocol and exposed the weakness in more than 81,000 of the top 1 million most popular websites. As we get closer to 2017, the odds are increasing that the number of exploits will continue to rise.
Krebs is usually a good source of the most up-to-date info. But it remains a race, and I’m not always sure we’re winning. http://krebsonsecurity.com/
In the meantime, here’s some pictures of poodles to lighten the mood! This is Cleaver Black – destroyer of dragons (blue stuffed ones).