Articles about poodle

Outsourced Virgin Media techies botched this infosec bod's Poodle fix

Virgin Media has promised to ensure all its agents are fully equipped to offer advice on the Poodle vulnerability, after a security expert exposed the failure of outsourced Indian call centre staff to explain and fix the problem. Independent security consultant Paul Moore, who is also a Virgin customer, was contacted by the …
Kat Hall, 4 Mar 2016

Docker Hub images buggy and vulnerable, say researchers

Docker Hub users are playing Russian Roulette with Heartbleed, Poodle and Shellshock, according to an analysis of a bunch of images by newly-launched outfit BanyanOps. The outfit is using the research to bring itself out of stealth-mode, apparently: the company only Tweeted “Hello World” on May 1. Its claim, blogged here, is …

IETF updates TLS/SSL best practice guidance

Do: start rolling TLS 1.3, support TLS 1.2, and DTLS 1.2. Don't: negotiate sessions using TLS 1, TLS 1.1, SSL 2 or SSL 3. Those are the Internet Engineering Task Force's latest recommendations, set out in RFC 7525, Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). …

Barclays, Halifax and Tesco still being gnawed by POODLE

Major banks are still open to POODLE attacks months after being called out as vulnerable. The POODLE (Padding Oracle On Downgraded Legacy Encryption) security flaw surfaced in October and affects the Secure Sockets Layer (SSL) 3.0 algorithm and versions of TLS (Transport Layer Security). Ivan Ristic's SSL Labs site revealed at …
Darren Pauli, 29 Apr 2015

POODLE vuln dogs Australian consumer modems

The persistent awfulness of consumer broadband modems is once again in evidence, with the Poodle and Freak bugs present in a huge number of Australian households. The issue has hit Twitter, with some people reporting that ISPs are notifying them of possible malicious traffic – but without useful information on what to do. TPG …

Cisco FREAKs out, starts epic OpenSSL bug-splat

Cisco admins will be watching and waiting for fixes, with the company announcing that many of its OpenSSL implementations are carrying a bunch of post-POODLE fleas. The Borg has been looking over its kit and software since the OpenSSL project disclosed a bunch of vulns in January, and on March 10 detailed the impacts it's …

Sage Pay anti-POODLE upgrade REDUCED security - briefly

Online payment service Sage Pay has been fingered for temporarily reducing its security while revamping its site security. Security consultant Paul Moore noticed that the Sage Pay website was briefly running a weak cipher last week. The issue was quickly corrected after Moore went public with his concerns on Tuesday. He …
John Leyden, 4 Feb 2015

Post-POODLE, OpenSSL shakes off some fleas

OpenSSL has squashed eight low severity vulnerabilities that could result in denial of service or the removal of forward secrecy. The holes, two graded "moderate", were addressed in OpenSSL updates 1.0.0p, 0.98zd, and 1.0.1k. Maintainers wrote in an advisory that Cisco warned last October that a crafted Datagram …
Darren Pauli, 9 Jan 2015

UK banks ill-prepared for return of the rabid POODLE

The latest evolution of a high-profile security flaw potentially exposes UK banks' web site traffic to eavesdropping. The POODLE (Padding Oracle On Downgraded Legacy Encryption) security flaw first surfaced in October and was thought to affect only the obsolete - but still widely used - Secure Sockets Layer (SSL) 3.0 crypto …
John Leyden, 15 Dec 2014

Microsoft lets YOU kill POODLE in Protected Mode sites

Microsoft has granted sysadmins the ability to kill exposure to rabid POODLE websites under SSL 3.0 for Internet Explorer Protected Mode sites. The Christmas gift will be switched on by default from February next year as Redmond moves to euthanise the Padding Oracle on Downgrade Legacy Encryption attack across its web …
Darren Pauli, 11 Dec 2014

Zombie POODLE wanders in, cocks leg on TLS

Google might have taken POODLE to a distant country road, let it out and driven away fast, but according to Qualys, the vulnerability has returned, repurposed, as an attack on Transport Layer Security (TLS). Designated CVE-2014-8730, the new attack vector exploits the same class of problem as POODLE: an error in the handling …

IETF takes rifle off wall, grabs RC4 cipher's collar, goes behind shed

The IETF is getting ready to finally kill off the venerable-but-vulnerable RC4 cipher. The group has issued a last call for comments before humming over a proposal that Internet-standard clients and servers need to quit using RC4 in Transport Layer Security (TLS). It's a simple enough change, but in the wide world of the …

Sony quietly POODLE-proofs Playstations

Sony has patched the POODLE SSL vulnerability in its Playstation 3 and 4 gaming consoles. The rolling patch, introduced over the last fortnight, brings Transport Layer Security into Playstation's browsers and apps. SSL 3.0 is dispelled, warding off the Padding Oracle on Downgrade Legacy Encryption attack. The patch is a 200MB …
Darren Pauli, 24 Nov 2014

Google puts down POODLE, now wants to eradicate breed

A trio of Googlers have released a tool to help sysadmins identify applications and services open to nasty transport layer security vulnerabilities such as POODLE, Heartbleed and Apple's gotofail. The dryly named nogotofail tool, written by Android engineers Chad Brubaker, Alex Klyubin and Geremy Condra, allows devs to set up …
Darren Pauli, 5 Nov 2014

Google heads out the back with rifle, puts down POODLE

Google will destroy vicious POODLE in a pending update to its flagship Chrome browser. Update 40 will remove SSLv3 and the hard-to-exploit cookie-stealing Padding Oracle on Downgraded Legacy Encryption (POODLE) attack. Mountain View followed Redmond in its browser POODLE put-down after a single click FixIt SSLv3 disabler was …
Darren Pauli, 31 Oct 2014

Bad dog: Redmond's new IE tool KILLS POODLE with one shot

Microsoft has issued new guidance on the POODLE (Padding Oracle On Downgraded Legacy Encryption) SSL vulnerability, including a one-click utility that can automatically disable SSL 3.0 in Internet Explorer. The Fix It utility, which was released on Wednesday, is a reversible workaround for all versions of Redmond's browser …
Neil McAllister, 29 Oct 2014

Cisco battles POODLE with a listicle and some twaddle

Cisco has joined the growing list of vendors scrambling a response to the POODLE vulnerability, with a number of systems confirmed vulnerable and more under investigation. The Borg's current POODLE status only clears one system: the Cisco Adaptive Security Device Manager. The company says its ongoing assessment of products …

'George Orwell was an OPTIMIST. Show me a search history, I'll show you a perv or a crook'

QuoTW Google researchers came clean about a nasty little security vulnerability they discovered in SSL 3.0 this week, though not before El Reg first caught wind of it. The backdoor into the ancient old encryption standard can only be used if you can intercept the victim’s packets, potentially with a malicious Wi-Fi link, but once …


Biting the hand that feeds IT © 1998–2017