Thread: poodle - Padding Oracle On Downgraded Legacy Encryption SSL vulnerability
View Single Post
Old 10-29-2014, 11:03 PM   #13
rollei
Addict
rollei ought to be getting tired of karma fortunes by now.rollei ought to be getting tired of karma fortunes by now.rollei ought to be getting tired of karma fortunes by now.rollei ought to be getting tired of karma fortunes by now.rollei ought to be getting tired of karma fortunes by now.rollei ought to be getting tired of karma fortunes by now.rollei ought to be getting tired of karma fortunes by now.rollei ought to be getting tired of karma fortunes by now.rollei ought to be getting tired of karma fortunes by now.rollei ought to be getting tired of karma fortunes by now.rollei ought to be getting tired of karma fortunes by now.
 
Posts: 219
Karma: 1000210
Join Date: Mar 2014
Device: Kobo
Quote:
Originally Posted by eschwartz View Post
Yes.

In general these sort of tests are better for proving the presence of vulnerabilities, because if you are vulnerable once you can and will be again.

However, saying you aren't vulnerable... is it because you truly are protected, or because anything down to a random glitch prevented the connection going through and thus fooled the test?

I remember the same confusion wih the Heartbleed tests, but at least those warned you of the uncertainty.
That poodletest.com may not be accurate, I ran a test from SSL labs and got a vulnerable status.

SSL Labs link to test Poodle vulnerability:
https://www.ssllabs.com/ssltest/viewMyClient.html
rollei is offline   Reply With Quote