How We Broke the Internet with 12 Characters


Ok well, maybe saying we broke the internet is a bit heavy handed. But now that you are reading…

The other day we ran into POODLE. This POODLE is not to be confused with one of our four legged friends - a Poodle. No, I am refering to this POODLE - Padding Oracle On Downgraded Legacy Encryption.

Here’s the quick on POODLE: An old security protocol, still widely used on the internet, was discovered to have a nasty security vulnerability. This is another recent OpenSSL vulnerability (see Heartbleed). Basically, no one should be using SSLv3 because it is considered legacy. Lots of parts, pieces and tools still do - including ours.