Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Take advantage of Black Friday with 15% off sitewide with coupon code "BLACKFRIDAY" on Slashdot Deals (some exclusions apply)". ×

Submission + - POODLE SSL 3.0 Protocol-Level Vulnerability (

An anonymous reader writes: A protocol-level, non-implementation specific, attack against SSL 3.0 has been announced by Google: 'Today we are publishing details of a vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker. [...] Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response is to support TLS_FALLBACK_SCSV.'

Submission + - OpenBSD Team Cleaning Up OpenSSL

Iarwain Ben-adar writes: The OpenBSD has started a cleanup of their in-tree OpenSSL library. Improvements include removing "exploit mitigation countermeasures", fixing bugs, removal of questionable entropy additions, and many more. If you support the effort of these guys who are responsible for the venerable OpenSSH library, consider a donation to the OpenBSD Foundation. Maybe someday we'll see a "portable" version of this new OpenSSL fork. Or not.

Nothing will ever be attempted if all possible objections must be first overcome. -- Dr. Johnson