Tame that POODLE: Managing the Latest SSL Vulnerability

Last week the OpenSSL project released an advisory that describes a new SSL vulnerability. Now commonly known as “POODLE” (“Padding Oracle On Downgraded Legacy Encryption”), this vulnerability is less dangerous than its predecessor, the Heartbleed bug, primarily because of the conditions needed to exploit it (see below).

POODLE is essentially an attack on the SSLv3 protocol. It was discovered in September (and published on October 14) by Google employees Bodo Möller, Thai Duong, and Krzysztof Kotowicz.