Truly scary SSL 3.0 vuln to be revealed soon: sources

  • 14 October 2014
  • 2 replies
  • 459 views

Userlevel 7
Badge +54

So worrying, no one's breathing a word until patch is out

By Darren Pauli, 14 Oct 2014  Gird your loins, sysadmins: The Register has learned that news of yet another major security vulnerability - this time in SSL 3.0 - is probably imminent.
Maintainers have kept quiet about the vulnerability in the lead-up to a patch release expected in in the late European evening, or not far from high noon Pacific Time.
 Details of the problem are under wraps due to the severity of the vulnerability.
 
Full Article

2 replies

Userlevel 7
This looks like another bomb shell of a problem. IT and security researchers will be watching this one closely
Userlevel 7
The following article is a update

(Apple to stop SSL 3.0 support for push notifications next week)

By Jeremy Kirk
IDG News Service | Oct 23, 2014
 
Apple will stop support next week for an encryption protocol found to contain a severe vulnerability, the company said on Wednesday.
Support for SSL 3.0 will cease as of Oct. 29, it said.
"Providers using only SSL 3.0 will need to support TLS as soon as possible to ensure the Apple Push Notification service continues to perform as expected," according to anote to developers. "Providers that support both TLS and SSL 3.0 will not be affected and require no changes."
 
Full Article

Reply