- Sep 30, 2014
- 339
- 0
- 76
Last I knew the turnaround time once found was quite fast (and faster than the responses for the Linux Kernel - and heaven forbid you need to wait for a new kernel version to hit your distro...) One might add Microsoft didn't have the SSL bug, and Heartbleed took what, 2-3 years to be found?
In fact:
'The discovery of "Poodle," which stands for Padding Oracle On Downloaded Legacy Encryption, prompted makers of web browsers and server software to advise users on Tuesday to disable use of the source of the security bug: an 18-year old encryption standard known as SSL 3.0.'
'Ivan Ristic, director of application security research with Qualys, said "Poodle" was not as serious as the previous threats because the attack was "quite complicated," requiring hackers to have privileged access to networks.'
'Microsoft Corp issued an advisory suggesting that customers disable SSL 3.0 on Windows for servers and PCs.'
How does this not apply to Microsoft Windows?
Source:
http://www.huffingtonpost.com/2014/10/14/google-ssl_n_5986104.html