Vicious POODLE Finally Kills SSL
The poodle must be the most vicious dog, because it has killed SSL. POODLE is the latest in a rather lengthy string of vulnerabilities in SSL (Secure Socket Layer) and a more recent protocol, TLS (Transport layer Security). Both protocols secure data that is being sent between applications to prevent eavesdropping, tampering, and message forgery. POODLE (Padding Oracle On Downgraded Legacy Encryption) rings the death knell for our 18-year-old friend SSL version 3.0 (SSLv3), because at this point, there is no truly safe way to continue using it.
TLS Renegotiation and Load Balancers
I seem to be fielding more and more questions of late around the rather well-known SSLv3 and TLS renegotiation flaw. For those who aren’t familiar, the TLS renegotiation flaw allows the injection of data into a SSLv3 or TLS stream, potentially causing data injection or the program to misbehave in some other fashion. It is not a full man-in-the-middle attack because the attacker can’t read what’s in the data stream, only inject into it. Ultimately, this is a protocol flaw—one that’s been fixed as an extension to TLS as…
IOActive’s IOAsis at RSA 2012
This is not a technical post as usual. This is an invitation for an important event if you are going to RSA 2012 and want to escape the chaos and experience the luxury at IOAsis while enjoying great technical talks and meeting with industry experts. If you want to feel like a VIP and have great time then don’t miss this opportunity! We have scheduled some really interesting talks such as: Firmware analysis of Industrial Devices with IOActive researcher Ruben Santamarta Mobile Security in the Enterprise with IOActive VP, David Baker…