rugk 397 Posted October 20, 2014 Share Posted October 20, 2014 Nicknamed POODLE – it’s an acronym for Padding Oracle On Downgraded Legacy Encryption – Engadget reports that the bug “allows a man-in-the-middle attacker to decrypt HTTP cookies,” on SSL 3.0. Although SSL 3.0 is around 15 years old, it is still widely used in most web browsers and as a backup on servers if modern protocols fail to connect. Worryingly, “prospective attackers can force a server to default back to SSL 3.0 for the sake of the exploit.” hxxp://www.welivesecurity.com/2014/10/15/poodle-attack-google-uncovers-major-flaw-ssl-3-0/ So this should be the end of SSL v3. Now my suggestion for the ESET products... What about making this? Link to comment Share on other sites More sharing options...
rugk 397 Posted October 24, 2014 Author Share Posted October 24, 2014 Thanks @planet. And what do you say about this @ESET? Link to comment Share on other sites More sharing options...
rugk 397 Posted November 8, 2014 Author Share Posted November 8, 2014 What do you say about this suggestion, ESET? Link to comment Share on other sites More sharing options...
rugk 397 Posted November 9, 2014 Author Share Posted November 9, 2014 Someone from the moderators or the ESET stuff: Would you please so kind to answer me? Link to comment Share on other sites More sharing options...
rugk 397 Posted December 13, 2014 Author Share Posted December 13, 2014 This suggestion is now more than one month old... What do you think about this, ESET? It was discovered that also some TSL implementations can be affected by this vulnerability, but still SSL v3 is the main point of attack. So isn't it a good idea to block not only SSL v2, but also SSL v3 with the SSL scanning of ESS or ESET NOD32? Link to comment Share on other sites More sharing options...
Utini 1 Posted December 14, 2014 Share Posted December 14, 2014 Very good suggestion ! Link to comment Share on other sites More sharing options...
rugk 397 Posted December 15, 2014 Author Share Posted December 15, 2014 Thanks, @Utini. And what does ESET say about this? Link to comment Share on other sites More sharing options...
Recommended Posts