Photo By Karin Jonsson (Flickr: Poodle) [CC-BY-2.0 via Wikimedia Commons
POODLE 2.0: Here We Go Again
It was just a bit more than an month ago when the POODLE vulnerability in SSLv3 was discovered and sent sysadmins around the world scrambling.
You might remember that the original POODLE vulernability affected SSLv3, an older protocol that has been largely replaced by the TLS protocol. Since SSLv3 was only available on many systems as a measure to support very old web browsers, it was no big deal to disable it and thereby remove the vulnerabilty.
But today news is spreading that some TLS implementations can be vulnerable too and that as many as 10% of all web sites maybe affected. This new vulnerability has been labeled CVE-2014-8730 and it’s much more serious that the original POODLE.
It’s time to scramble again.