9 Dec
2014
9 Dec
'14
9:33 a.m.
"If you patched your sites against a serious SSL flaw discovered in October you will have to check them again. Researchers have discovered that the POODLE vulnerability also affects implementations of the newer TLS protocol. The POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability allows attackers who manage to intercept traffic between a user's browser and an HTTPS website to decrypt sensitive information, like the user's authentication cookies." -- source: http://it.slashdot.org/story/14/12/09/0423210 Cheers, Peter -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174