SSL Labs has a test for the just-announced POODLE attack against some TLS implementations https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls …
@ivanristic Sorry, I'm taking some pretty dopey medication :) I meant "SSLv3-style padding". The test might produce some False +'s
-
-
@ivanristic Even SSLv3 can be secured against POODLE, by ignoring the padding length byte and instead computing all 16 potential HMACs -
@ivanristic Seeing some endpoints doing that, would apply to this bug too; though it's just plain silly not to enforce the TLS padding - 2 more replies
New conversation -
-
-
@colmmacc I suppose it could (if they’re ignoring the padding), but then I’ll be flagging them for not following the TLS specification ;)Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.