POODLE Flaw Returns, This Time Hitting TLS Protocol

angry tapir writes: If you patched your sites against a serious SSL flaw discovered in October you will have to check them again. Researchers have discovered that the POODLE vulnerability also affects implementations of the newer TLS protocol. The POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability allows attackers who manage to intercept traffic between a user's browser and an HTTPS website to decrypt sensitive information, like the user's authentication cookies.

Re: A question I hope someone can answer

Have you considered upgrading your browser!

Re:Test your site with this

[Architect_sasyr]

The SSL Labs are a fantastic reference.

Turns out when I was using their guides and aiming for an A+ rating in October (not long after I took over the current post) I accidentally mitigated TLS POODLE before it even became publicly known. So.. whoops? Better not follow the best practices guides next time, better just patch the vulnerabilities as they come ;)