Believe it or not, there's a new attack on SSL. Yes, I know you're thunderstruck. Let's get a few things out of the way quickly.
First, this is not another Heartbleed. It's bad, but it's not going to destroy the Internet. Also, it applies only to SSLv3, which is (in theory) an obsolete protocol that we all should have ditched a long time ago. Unfortunately, we didn't.
Anyway, enough with the good news. Let's get to the bad.
more here..........http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html
First, this is not another Heartbleed. It's bad, but it's not going to destroy the Internet. Also, it applies only to SSLv3, which is (in theory) an obsolete protocol that we all should have ditched a long time ago. Unfortunately, we didn't.
Anyway, enough with the good news. Let's get to the bad.
more here..........http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html