Skip to main content

Posts

Showing posts from December, 2014

POODLE has Morphed??????

Recently, new exploits for the  RC4 stream cipher suite have come to light. It is used in almost half of the internet's SSL/TLS implementations, that "https" stuff that you see in front of your url, and many well know companies, including internet giant Google, are still using the protocol. However, at this time, security professionals are saying that an attacker would have to cause hundreds of millions of TLS connections while executing a Man-in-the-Middle attack, in order to glean enough information about the traffic being encrypted to mount a feasible attack.

For the moment, researchers are saying that we are safe, but administrators should not wait too long before disabling the SSLv3 fallback vulnerability. Security experts believe that development of GCM, Galois/Counter Mode symmetric key cryptographic block cipher, will be accelerated to help phase out RC4 cipher.

The security research company Qualys has created a testing page that can be used to check domains for …