Google details new “Poodle” bug, making browsers susceptible to hacking by Jonathan Vanian.
From the post:
Google’s security team detailed today a new bug that takes advantage of a design flaw in SSL version 3.0, a security protocol created by Netscape in the mid 1990s. The researchers called it a Padding Oracle on Downgraded Legacy Encryption bug, or POODLE.
Although the protocol is old, Google said that “nearly all browsers support it” and it’s available for hackers to exploit. Even though many modern-day websites use the TLS security protocol (essentially, the next-generation SSL) as their means of encrypting data for a secure network connection between a browser and a website, things can run amok if the connection goes down for some reason.
…
See Jonathan’s post for more “Poodle” details.
Suggestions for a curated and relatively comprehensive collection of security bugs as they are discovered? I ask because I follow a couple of fairly active streams but I haven’t found one that I would call “curated,” in the sense that each bug is reported once and only once, with related material linked to it.
Is it just me or would others find that to be a useful resource?