What’s the difference between a Vulnerability Assessment (VA) and a Pen Test? As always, “industry standard” terms mean different things to different people. To us here at Blanket Security, the difference is in the client’s desired business outcome and how mature their in-house security processes are. But in a nutshell, a vulnerability assessment is an [...]
The POODLE vulnerability (“Padding Oracle On Downgraded Legacy Encryption” – CVE-2014-3566) is an exploit of SSLv3, an almost 20-year-old protocol that shouldn’t really be supported any more. Except some sites still do! An attack works by forcing fallback to SSLv3, then making multiple SSL requests to mathematically predict and then decode an encrypted [...]
