Kenneth White (@KennWhite)
A good quote starts: "There is no difference, from the attacker's point of view, between gross and tiny errors. Both of them are equally exploitable."..."This lesson is very hard to internalize. In the real world, if you build a bookshelf and forget to tighten one of the screws all the way, it does not burn down your house".
We look for the following in network transport encryption: data exposure, network intercept, credential theft, identity theft, authenticated cipher suites, etc.
We have learned, the hard way, the problem with unauthenticated block modes. If you don't compute the hash correctly, or you compute it in the wrong order, it's useless.
After POODLE, SSLv3 is dead. It's still out there, but as a practical matter, it's gone.
Getting good data on who is impacted by a security vulnerability is hard - even Gartner got this wrong, by overestimating who was impacted by FREAK just by how many devices still supported SSLv3 (even if they did not actually have the vuln).
Advice going forward: use AEAD!
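What the advice buys you, as an added example that is not from the talk or these notes: the same one-bit change to a ciphertext goes unnoticed under AES-CTR, an unauthenticated mode, and is rejected by AES-GCM, an AEAD mode. The key, nonce and message are constructed demo values, and the function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed demo values. A real nonce must never repeat under the same key.
var key, nonce = bytes.Repeat([]byte{0x42}, 32), bytes.Repeat([]byte{0x01}, 12)
var msg = []byte("seq=0100;op=read")

// ctrXOR applies AES-CTR (unauthenticated); the same call encrypts and decrypts.
func ctrXOR(in []byte) []byte {
	block, _ := aes.NewCipher(key) // 32-byte key, so this cannot fail
	iv := append(append([]byte{}, nonce...), 0, 0, 0, 0) // 16-byte counter block
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// gcm returns an AES-256-GCM AEAD built from the same key.
func gcm() cipher.AEAD {
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	return aead
}

// TamperCTR flips one ciphertext bit in transit; decryption raises no error.
func TamperCTR() string {
	ct := ctrXOR(msg)
	ct[4] ^= 0x08 // plaintext byte 4 silently changes from '0' to '8'
	return string(ctrXOR(ct))
}

// OpenGCM seals msg, optionally flips the same bit, then opens the result.
func OpenGCM(tamper bool) (string, error) {
	ct := gcm().Seal(nil, nonce, msg, nil)
	if tamper {
		ct[4] ^= 0x08
	}
	pt, err := gcm().Open(nil, nonce, ct, nil)
	return string(pt), err
}

func main() {
	fmt.Printf("CTR tampered: %q\n", TamperCTR())
	fmt.Println(OpenGCM(true)) // empty plaintext, then the authentication error
}
```

With GCM the receiver gets an error and no plaintext at all, so there is no separate hash to compute or order to get wrong.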