POODLE
Latest
The problem with 'pumpkin spice' security bugs
Bad Password is a hacking and security column by Violet Blue. Every week she'll be exploring the trendy new cyberhysteria, the state of the infosec community and the ever-eroding thing that used to be called "privacy." Bad Password cuts through the greed, fear mongering and jargon with expertise, a friendly voice and a little levelheaded perspective. When asked, "Why give a vulnerability a website, logo and brand image?" many infosec professionals will confidently answer that flamboyant bugs raise awareness toward fixes. Fixing and patching, we're led to believe, is almost as fun as a trip to the dentist. Which is true. Heartbleed, Shellshock, Stagefright, Sandworm, Rootpipe, Winshock and the truly terror-inducing nom-de-sploit POODLE are not, in fact, a list of situational phobias. These were named with intent to become PR markers -- although looking at the way some of these vulns (vulnerabilities) got their names and brands, it seems like the focus was more on the credit for naming them, rather than the actual usefulness of trying to "pumpkin spice" a bug.
Google discovers another web security flaw that leaves browsers vulnerable
Get ready for Heartbleed deja-vu: Google just found an exploit in SSL 3.0 that could give attackers the ability to work out the plaintext traffic of a secure connection. It's calling the attack "POODLE," or Padding Oracle On Downgraded Legacy Encryption, and it allows a man-in-the-middle attacker to decrypt HTTP cookies. Cookies can be used to store personal information, website preferences or even passwords, depending on the situation. SSL 3.0 is a pretty old (15 years) protocol, but it's still used in most web browsers and as a fallback for countless servers in case modern protocols fail to connect. Prospective attackers can force a server to default back to SSL 3.0 for the sake of the exploit.
Dog Days of Summer: Look at me! I'm a YouTube star!
While some dogs like last week's Dog Days subject Zandra work hard every day, others are busy checking themselves out on YouTube. TUAW reader Kim Frandsen sent us a photo of standard poodle Louie doing just that. Kim says that Louie's "a big fan of YouTube videos ... especially ones starring him." It looks to me like Louie is just about to go for the trackpad on that classic white MacBook to click the play button! If you have a Dog Days nominee to share, let us know via our feedback page (and please remember that the photo has to have some sort of connection to Apple and its products -- don't just send us a photo of your canine buddy). For security reasons we can't accept inbound attachments, so you should host the photo (Dropbox, Flickr, iPhoto Journals, etc.) and send us the link.
