A fresh attack vector against SSL has been detailed, but analysts are mixed on the severity of the POODLE (Padding Oracle On Downgraded Legacy Encryption) flaw. After it was rumoured to be disclosed yesterday by the Register, it was later detailed as revealing a vulnerability in the way that SSL v3 uses ciphers and allows an attacker to extract the plaintext of targeted parts of an SSL connection, usually cookie data, and doesn't require such extensive control of the format of...
Read more