Last night, researchers from Google released details of a new attack that they have called the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack, which has been assigned CVE-2014-3566. The attack exploits a vulnerability in version three of the SSL protocol (SSLv3) when Cipher Block Chaining (CBC) mode ciphers are in use. Although SSL has been superseded by TLS, some TLS implementations still allow backwards compatibility with SSL to provide a smooth user experience when communicating with legacy systems.
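The condition described above (a server that still negotiates SSLv3 with a CBC cipher suite) can be checked from a captured handshake. The following is an added example, not code from the original post: it parses the first record a server sends in reply to a ClientHello and flags that combination. The function names are hypothetical, the sample records are constructed, and the suite list is a small subset of the IANA CBC suites.

```python
import struct

SSL3 = (3, 0)  # version bytes that identify SSLv3 on the wire
# Subset of CBC-mode suites commonly offered with SSLv3 (IANA values).
CBC_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}

def parse_server_hello(record: bytes):
    """Return ((major, minor), cipher_suite) from a raw ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _maj, _min, rec_len = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + rec_len]
    # Content type 22 = handshake, handshake type 2 = ServerHello.
    if ctype != 22 or len(body) < 4 or body[0] != 2:
        raise ValueError("not a ServerHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:
        raise ValueError("truncated ServerHello")
    version = (hello[0], hello[1])      # negotiated protocol version
    off = 35 + hello[34]                # skip 32-byte random and session id
    if len(hello) < off + 3:
        raise ValueError("truncated ServerHello")
    return version, int.from_bytes(hello[off:off + 2], "big")

def poodle_exposed(record: bytes) -> bool:
    """True if the server agreed to SSLv3 with a CBC suite from the list."""
    if record[:1] == b"\x15":           # alert record: handshake was refused
        return False
    version, suite = parse_server_hello(record)
    return version == SSL3 and suite in CBC_SUITES

def build_hello(version, suite):
    """Constructed sample ServerHello (zeroed random, empty session id)."""
    hello = bytes(version) + bytes(32) + b"\x00" + suite.to_bytes(2, "big") + b"\x00"
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + bytes(version) + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    for ver, suite in [((3, 0), 0x002F), ((3, 1), 0x002F), ((3, 0), 0x0005)]:
        print(ver, hex(suite), poodle_exposed(build_hello(ver, suite)))
```

A `False` result for an SSLv3 session with a non-CBC suite only means this particular condition is absent; it says nothing about other weaknesses of that suite.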
Portcullis is very pleased to be one of the first organisations to have achieved CREST STAR accreditation. STAR not only heralds a new era of security assessments by combining Threat Intelligence with focused attack scenarios, it also raises the bar for companies providing Penetration Testing services.