Tame that POODLE: Managing the Latest SSL Vulnerability

Last week the OpenSSL project released an advisory that describes a new SSL vulnerability. Now commonly known as “POODLE” ("Padding Oracle On Downgraded Legacy Encryption"), this vulnerability is less dangerous than its predecessor, the Heartbleed bug—primarily because of the conditions needed to exploit it (see below).

POODLE is essentially an attack on the SSLv3 protocol. It was discovered in September (and published on October 14) by Google employees Bodo Möller, Thai Duong, and Krzysztof Kotowicz.

In the Wake of Heartbleed Part 3: How Enterprise Cloud Manager Gave Customers an Advantage over Heartbleed

As the old saying goes, when you’re being chased by a bear, you don’t have to run faster than the bear. You just have to run faster than the people you’re with. The same is true when it comes to data security.

Guest Blog Post from Kent Woodruff on Internet World

Post Heartbleed, those of us involved in network security could take a lesson from the CDC. One of the biggest barriers to stopping the repeated threats of an Avian Flu pandemic is the resistance on the part of many nations to share information when the flu takes hold in their country. We saw this in May 2013 when China refused to release English-language versions of relevant statistics and facts about an outbreak in their country of a new bird flu called H7N9.

In the Wake of Heartbleed Part 2: All Hands on Deck

I talked last week about how the Heartbleed bug was unique in how long it went undiscovered, how many things it affected, and how hard it was to tell if anyone had used it to access data. Today I’d like to talk about what CradlePoint did to reestablish protections for our customers.

In the Wake of Heartbleed Part 1: Three Observations

Now that the dust has settled in the aftermath of the Heartbleed bug, I thought it might be useful to summarize some of the things CradlePoint learned and did that will help us better protect our clients in the future. Let me be clear that CradlePoint acted swiftly to resolve the issues created by Heartbleed as soon as the vulnerability was discovered. I’ll talk about the remediation steps we took in my next post.