Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Slashdot Deals: Deal of the Day - 6 month subscription of Pandora One at 46% off. ×

Submission + - POODLE SSL 3.0 Protocol-Level Vulnerability (

An anonymous reader writes: A protocol-level, non-implementation specific, attack against SSL 3.0 has been announced by Google: 'Today we are publishing details of a vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker. [...] Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response is to support TLS_FALLBACK_SCSV.'

Submission + - OpenBSD Team Cleaning Up OpenSSL

Iarwain Ben-adar writes: The OpenBSD has started a cleanup of their in-tree OpenSSL library. Improvements include removing "exploit mitigation countermeasures", fixing bugs, removal of questionable entropy additions, and many more. If you support the effort of these guys who are responsible for the venerable OpenSSH library, consider a donation to the OpenBSD Foundation. Maybe someday we'll see a "portable" version of this new OpenSSL fork. Or not.

"Love your country but never trust its government." -- from a hand-painted road sign in central Pennsylvania