A few weeks ago, 3 researchers from Google announced that they had found a major security vulnerability in one of the most ubiquitous encryption technologies.
POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption, was found in SSL 3.0 (Secure Sockets Layer), a technology that encrypts a user's browsing session, making it difficult for anyone using a public Wi-Fi network (Starbucks, McDonald's, etc.) to eavesdrop on it.
According to Google, an attacker who controls the network between the computer and the server could interfere with the handshake process used to verify which cryptographic protocol the server can accept, using a "protocol downgrade dance".
This forces computers to use the older SSL 3.0 protocol to protect the data being sent. Attackers can then exploit the bug by carrying out a man-in-the-middle (MITM) attack to decrypt secure HTTP cookies, enabling them to hijack someone's browsing session and do things like take over their email, online banking, or social networking account. To pull off a POODLE attack, the victim has to be actively online and physically close to the attacker, say, using the same public Wi-Fi.
For businesses managing their own servers, security software firm Symantec recommends the following:
1. Check to see if your webservers are vulnerable using their free SSL Toolbox.
2. Use tools that support TLS_FALLBACK_SCSV, a mechanism that prevents attackers from forcing Web browsers to use SSL 3.0.
3. Disable SSL 3.0 altogether, or disable SSL 3.0 CBC-mode ciphers.
4. Use a cloud-based Web Application Firewall, which can help protect against this kind of vulnerability.
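
How recommendations 2 and 3 behave on the server side, as an added example that is not from the original post or from Symantec: it parses a ClientHello and applies the TLS_FALLBACK_SCSV rule as specified in RFC 7507. The function names, the sample ClientHello builder and the cipher suite values used as input are constructed for illustration.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600       # signalling cipher suite {0x56, 0x00}, RFC 7507
INAPPROPRIATE_FALLBACK = 86      # alert description defined by RFC 7507
SSL3, TLS10, TLS12 = 0x0300, 0x0301, 0x0303

def build_client_hello(version, suites):
    """Constructed sample input: a minimal ClientHello record, no extensions."""
    suite_bytes = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = (struct.pack("!H", version) + bytes(32) + b"\x00"   # version, random, empty session_id
             + struct.pack("!H", len(suite_bytes)) + suite_bytes
             + b"\x01\x00")                                     # one compression method: null
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, version, len(handshake)) + handshake

def parse_client_hello(record):
    """Return (client_version, cipher_suites) from one record holding a ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    hello = record[9:9 + int.from_bytes(record[6:9], "big")]
    if len(hello) < 35:
        raise ValueError("truncated ClientHello")
    version = int.from_bytes(hello[:2], "big")
    pos = 2 + 32                          # skip client_version and random
    pos += 1 + hello[pos]                 # skip session_id
    suites_len = int.from_bytes(hello[pos:pos + 2], "big")
    raw = hello[pos + 2:pos + 2 + suites_len]
    if suites_len == 0 or suites_len % 2 or len(raw) != suites_len:
        raise ValueError("malformed cipher_suites vector")
    return version, [int.from_bytes(raw[i:i + 2], "big") for i in range(0, suites_len, 2)]

def server_decision(record, server_max_version, ssl3_enabled):
    """Decide how a server answers this ClientHello."""
    version, suites = parse_client_hello(record)
    # RFC 7507: the SCSV marks a fallback retry. If the server supports a newer
    # version than the one offered, it must abort with inappropriate_fallback.
    if TLS_FALLBACK_SCSV in suites and server_max_version > version:
        return ("alert", INAPPROPRIATE_FALLBACK)
    if version == SSL3 and not ssl3_enabled:
        return ("refuse", "SSL 3.0 disabled")
    return ("negotiate", min(version, server_max_version))
```

A client that does not send the SCSV still negotiates SSL 3.0 when the server leaves it enabled, which is why recommendation 3 is needed alongside recommendation 2.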
If you have any questions about POODLE, please feel free to email us at firstname.lastname@example.org.