POODLE and related SSL vulnerabilities - network-security-poodle-kasahara.pdf
Yoshiaki Kasahara, Kyushu University
In October 2014, Google Security Team discovered and published yet-another SSL vulnerability called POODLE (Padding Oracle On Downgraded Legacy Encryption), which allows a man-in-the-middle attacker to decipher an encrypted text without knowing the encryption key (one byte per 256 requests). It induced urged action to exterminate SSLv3 support from various services in the Internet, but it also caused troubles with some users. In this talk, Ill try to summarize what is POODLE attack, how it works, its workaround, and influence on ordinary users.
Dr. Yoshiaki Kasahara is an assistant professor at Research Institute of Information Technology, Kyushu University, Japan. He received his B.S., M.S., and Doctor of Engineering from Kyushu University.
His main interest is computer network security, especially intrusion detection/prevention, traffic monitoring, and deep packet inspection. He is a chair of security working group in APAN (Asia Pacific Advanced Network).
Also he has been working as one of system administrators for Kyushu University campus network. His experience includes mail service, web hosting, DNS, IDS, private cloud and so on.
He is a member of IPSJ (Information Processing Society Japan) and IEICE (The Institute of Electronics, Information and Communication Engineers).