POODLE – SWITCH Security-Blog

The Poodle bites again: PoodleTLS or CVE-2014-8730 is a new vulnerability that targets some TLS implementations. F5 and A10 networking equipment are affected.
Internet of things: What makes securing the Internet of Things (IoT) so different from securing other computing platforms?
OS X Yosemite likes to phone home. Here’s how you can work around it.
Lollipop’s security: Kaspersky took a look at Android 5.0 Lollipop’s security, specifically its corporate-oriented security features, and found quite a few.
No free lunch, just once more: A good blog-post about the dangers of public Wi-Fi.
Sony Pictures Hack: A few words from Bruce Schneier.
Magnitude exploit kit: SpiderLabs published an interesting blog article series about the Magnitude exploit kit.
Cloud Atlas: Do you remember ‘Red October’, a complex cyber-espionage operation targeting diplomatic embassies worldwide 2 years ago? ‘Cloud Atlas’ might be the successor.

Why privacy matters: In this TED talk, Glenn Greenwald makes the case for why you need to care about privacy, even if you’re “not doing anything you need to hide”.
Is your Network Attached Storage (NAS) secure? A proof-of-concept worm was written by security researcher Jacob Holcomb to illustrate how vulnerable such data stores are to malicious attacks.
SSLv3: POODLE (Padding Oracle On Downgraded Legacy Encryption) is a new attack on the legacy SSLv3 protocol which is considered easier to exploit than similar previous attacks against SSL/TLS. A Security Advisory is available here (PDF). To test if your client is vulnerable SANS setup a Poodle test page. And Heise published a good background article (in german).
Shellshock: Michael Smith (Akamai) explains why the Shellshock battle is only beginning: The “long tail” challenge of the recently discovered Bash vulnerability. A Shellshock exploit is aleady included in the Mayhem botnet malware kit.
SandWorm is a zero-day vulnerability impacting all supported versions of Microsoft Windows including Windows Server 2008 and 2012.
Awareness: The US-CERT reminds users to protect against email scams and cyber campaigns using Ebola as a theme.
Beware of the air gap risks! Adi Shamir explains at the opening keynote for the Black Hat Europe conference why air-gapped networks are not as secure as usually anticipated. Have fun!