Go to Insights page Insights
Go to Intelligence page Intelligence
Go to Investing page Investing
Go to Innovations page Innovations
Go to Impact page Impact
Go to Two Takes page Two Takes
Go to Two Takes page
Go to Insights page Insights
Go to Intelligence page Intelligence
Go to Investing page Investing
Go to Innovations page Innovations
Go to Impact page Impact
Two Takes View TECHi Stance

Apple to kill off SSL 3.0 notifications due to Poodle vulnerability

TECHi's Author Michio Hasai
Opposing Author Computerworld Read Source Article
Last Updated
Computerworld
Computerworld View all Computerworld Two Takes by TECHi Read the original story Published October 23, 2014
TECHi's Take
Michio Hasai
Michio Hasai
  • Words 78
  • Estimated Read 1 min

Apple said Wednesday it will stop supporting the encryption standard Secure Sockets Layer 3.0 for its push notifications service in response to a vulnerability identified earlier this month in the aging protocol. Apple announced on its developer site that it will switch on October 29 from SSL 3.0 to Transport Layer Security (TLS), SSL’s more modern, less vulnerable younger sibling. Disclosed earlier this month, the vulnerability, called Poodle, allows encrypted information to be exposed by an attacker with network access.

Computerworld

Computerworld

  • Words 181
  • Estimated Read 1 min
Read Article

Apple will stop support next week for an encryption protocol found to contain a severe vulnerability, the company said on Wednesday. Support for SSL 3.0 will cease as of Oct. 29, it said. “Providers using only SSL 3.0 will need to support TLS as soon as possible to ensure the Apple Push Notification service continues to perform as expected,” according to a note to developers. “Providers that support both TLS and SSL 3.0 will not be affected and require no changes.” Google researchers revealed last week they found a flaw in SSL (Secure Sockets Layer) version 3.0, which was released more than 15 years ago. SSL has been replaced by TLS (Transport Layer Security), but the old versions are still used by some servers across the Internet and are supported by web browsers. The researchers found it was possible using a man-in-the-middle attack—nicknamed “POODLE”—to downgrade the SSL/TLS connection to the less-secure 3.0 version, where the flaw could allow an attacker to steal a person’s authentication cookies. The attacker and victim must be on the same network, posing a risk to people using public Wi-Fi.

Source

NOTE: TECHi Two-Takes are the stories we have chosen from the web along with a little bit of our opinion in a paragraph. Please check the original story in the Source Button below.

Balanced Perspective

TECHi weighs both sides before reaching a conclusion.

TECHi’s editorial take above outlines the reasoning that supports this position.

More Two Takes from Computerworld

Four months in and net neutrality hasn’t stifled broadband investment
Four months in and net neutrality hasn’t stifled broadband investment
Carl
Carl

It's been four months since the FCC passed its net neutrality rules, and broadband investment still hasn't suffered. Many opponents…

Microsoft loses money for every smartphone it sells
Microsoft loses money for every smartphone it sells
Connor
Connor

Microsoft doesn't have a good track record with making money on its hardware, which isn't necessarily a bad thing considering…

Cisco tries to avoid the NSA by shipping equipment to weird places
Cisco tries to avoid the NSA by shipping equipment to weird places
Louie
Louie

Lets say the American government is interested in spying on you and, while you're pretty sure the company you're getting…

The Tor Network is anticipating a possible attack from law enforcement
The Tor Network is anticipating a possible attack from law enforcement
Alfie
Alfie

On Friday, a post on the Tor Project's blog sent out an alarming message: "The Tor Project has learned that…