Following the most recent news of the POODLE flaw affecting widely used implementations of TLS, Gavin Millard, Technical Director, Tenable Network Security has given the following comment:
“While many of us had hoped we'd seen the last of the bumper crop of SSL/TLS vulnerabilities of 2014, it appears the year isn’t quite over. POODLE, the SSLv3 vulnerability disclosed in October has risen again, this time affecting some implementations of TLS 1.2.
“With many of us going online to secure last minute presents for friends and families, the administrators of the websites affected will be busy trying to patch this latest vulnerability to ensure communications are secure, remain private and aren’t easily abused by hackers. That's of course if they can do so without impacting trading, otherwise they may struggle to get buy in from the business during the vital Christmas trading period, when many retailers freeze systems to ensure they remain online and available.”