Poodle Bytes your SSL | Tech Talk Today 76
Posted on: October 15, 2014

A major flaw in SSL 3.0 has been discovered by Google & the web springs into action. The Double Irish is getting shut down & Google has something very sweet for us all!
Show Notes:
Google Online Security Blog: This POODLE bites: exploiting the SSL 3.0 fallback
Today we are publishing details of a vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker.
SSL 3.0 is nearly 15 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue.
ImperialViolet – POODLE attacks on SSLv3
Fundamentally, the design flaw in SSL/TLS that allows this is the same as with Lucky13 and Vaudenay’s two attacks: SSL got encryption and authentication the wrong way around — it authenticates before encrypting.
The POODLE Attack and the End of SSL 3.0 | Mozilla Security Blog
SSL version 3.0 is no longer secure. Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible, in order to avoid compromising users’ private information.
SSLv3 will be disabled by default in Firefox 34, which will be released on Nov 25. The code to disable it is landing today in Nightly, and will be promoted to Aurora and Beta in the next few weeks. This timing is intended to allow website operators some time to upgrade any servers that still rely on SSLv3.
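For server operators acting on the advice above to turn off SSLv3, the following is an added example (not from the show notes or the linked posts) that flags nginx `ssl_protocols` and Apache `SSLProtocol` directives that still allow SSL 3.0. The sample configs are constructed, the function names are hypothetical, and it assumes Apache's `all` shortcut includes SSLv3.

```python
import re

# Constructed sample configs for illustration (not taken from the show notes).
NGINX_SAMPLE = """\
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
}
server {
    listen 8443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""
APACHE_SAMPLE = """\
SSLProtocol all -SSLv2
<VirtualHost *:443>
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
"""

def nginx_allows_sslv3(line):
    """True/False for an ssl_protocols directive, None for any other line."""
    m = re.match(r"\s*ssl_protocols\s+([^;#]+);", line)
    return None if m is None else "sslv3" in m.group(1).lower().split()

def apache_allows_sslv3(line):
    """Evaluate mod_ssl's SSLProtocol tokens left to right.
    Assumption: 'all' includes SSLv3 (OpenSSL built with SSLv3 support)."""
    m = re.match(r"\s*SSLProtocol\s+(.+)", line, re.I)
    if m is None:
        return None
    enabled = False
    for tok in m.group(1).split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        covers_sslv3 = name.lower() in ("all", "sslv3")
        if sign == "":            # bare token replaces the whole set
            enabled = covers_sslv3
        elif covers_sslv3:        # +/- adjusts the current set
            enabled = sign == "+"
    return enabled

def audit(text, checker):
    """Return (line_number, directive) for each directive still allowing SSLv3.
    Files with no directive fall back to the server default, not checked here."""
    return [(n, line.strip())
            for n, line in enumerate(text.splitlines(), 1) if checker(line)]

if __name__ == "__main__":
    print(audit(NGINX_SAMPLE, nginx_allows_sslv3))
    print(audit(APACHE_SAMPLE, apache_allows_sslv3))
```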
“Double Irish” Tax Loophole Used By US Companies To Be Closed
The Irish Finance Minister announced on Tuesday that Ireland will no longer allow companies to register in Ireland unless the companies are also tax resident. This will effectively close off the corporate tax evasion scheme known as the “Double Irish” used by the likes of Google, Apple, and Facebook to route their earnings through their Irish holdings in order to garner an effective tax rate of, as in Google FY2013, 0.16%. Ireland’s new policy will take effect in 2015 for new companies. “For existing companies, there will be provision for a transition period until the end of 2020.”
GT Advanced COO sold $1.2M in shares before bankruptcy, Apple asks court to seal documents | 9to5Mac
There has been some indication that executives anticipated the bankruptcy with reports that the company’s CEO unloaded approximately $160,000 in stock days before the iPhone 6 launched without GT’s sapphire cover that was previously rumored to make an appearance on the device. Today, The Wall Street Journal reports that another GT Advanced executive, COO Daniel Squiller, sold $1.2 million of stock in May and “set up a plan under which he sold another $750,000 of shares over ensuing months before the company filed for bankruptcy.”
Details of Apple’s contracts with supplier GT Advanced have been trickling out since the company filed for Chapter 11 bankruptcy earlier this month. While asking courts for permission to “wind down” operations at its Arizona plant, the company called its agreement with Apple “oppressive and burdensome” and reportedly requested courts disclose more information about its relationship with Apple. The exact reason behind what led to the bankruptcy filing is still unclear, but there has been speculation that it’s related to a final $139 million payment that was reportedly withheld by Apple.
Google Teases Android L Ahead of Rumored Nexus Launch
Among rumors that the newest Nexus devices will be announced as soon as tomorrow, Google Senior VP Sundar Pichai sent out this tweet earlier today:
Met some sweet new friends today.