testsetset
Google today came forward with details on a new issue regarding the SSL protocol, just a few months after the Heartbleed incident brought SSL into the spotlight.
“This vulnerability allows the plaintext of secure connections to be calculated by a network attacker,” Bodo Möller, of the Google Security Team, wrote in a blog post today. “I discovered this issue in collaboration with Thai Duong and Krzysztof Kotowicz (also Googlers).”
The name of the attack: Padding Oracle On Downgraded Legacy Encryption, or POODLE.
One potential workaround: disabling the use of version 3.0 of SSL.
June 5th: The AI Audit in NYC
Join us next week in NYC to engage with top executive leaders, delving into strategies for auditing AI models to ensure fairness, optimal performance, and ethical compliance across diverse organizations. Secure your attendance for this exclusive invite-only event.
“In the coming months, we hope to remove support for SSL 3.0 completely from our client products,” Möller wrote.
Details on the vulnerability can be found here.
