Tried, Tested and Proven

Monthly Archives: October 2014

Last night, researchers from Google released details of a new attack that they have called the Padding Oracle On Downgrade Legacy Encryption (POODLE) attack which has  been assigned CVE-2014-3566. This attack utilises a vulnerability in version three of the SSL protocol (SSLv3) when using Cipher Block Chaining (CBC) mode ciphers.  Despite SSL being superseded by TLS, some TLS implementations allow for backwards compatibility with SSL to facilitate a smooth user experience when communicating  with legacy systems.

Continue reading

crest star

CREST STAR

Portcullis is very pleased to be one of the first organisations to have achieved CREST STAR accreditation. STAR heralds not only a new era of security assessments by combining Threat Intelligence with focused attack scenarios, it also raises the bar for companies providing Penetration Testing services.

Continue reading