Everyone's Blog in Network Security

Tame that POODLE: Managing the Latest SSL Vulnerability

Last week the OpenSSL project released an advisory that describes a new SSL vulnerability. Now commonly known as “POODLE” (“Padding Oracle On Downgraded Legacy Encryption”), this vulnerability is less dangerous than its predecessor, the Heartbleed bug—primarily because of the conditions needed to exploit it (see below).

POODLE is essentially an attack on the SSLv3 protocol. It was discovered in September (and published on October 14) by Google employees Bodo Möller, Thai Duong, and Krzysztof Kotowicz.

7 Technologies that Impact PCI

A few weeks ago I had a chance to attend the PCI Security Standards Council’s 2014 North American Community Meeting in Orlando, Florida. (PCI is shorthand for the Payment Card Industry Data Security Standard, a guideline to help organizations that process, store or transmit card payments.) Two highlights for me were presentations by the PCI’s new general manager Stephen W. Orfei, and another by Adm.