Today's Question:  What's your opinion about Alibaba mooncake incident?        GIVE A SHOUT

Technical Article => Security =>  Code Security

A new SSL 3.0 vulnerability named POODLE is released

  sonic0002      2014-10-15 04:48:59      4,265    0    0

Today a new SSL v3 security vulnerability is released by Google and it affects all products which is using SSL v3 protocol as this vulnerability is introduced by a design flaw.

Google revealed details of the design flaw on Tuesday, and dubbed it POODLE – short for Padding Oracle On Downgraded Legacy Encryption. It is a blunder within the blueprints of SSL 3.0 rather than a software bug, so it affects any product following the protocol – from Google Chrome and Mozilla Firefox to Microsoft Internet Explorer.

If this vulnerability is exploited by the attackers, the session cookies from the victims can be stolen and used to log in as the victim to access services such as banking, Gmails etc.

You can find the details of the vulnerability and how to reproduce the issue following the post https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html.

If you want to bypass this issue, you can choose to disable SSL v3 as this protocol is meant to be deprecated and it contained design flaws. Google's response to the flaw is to scrub SSL 3.0 support from its flagship Chrome browser. Websites and other browsers are also expected to end support for SSL v3 as it's now considered insecure by design, and instead enforce the use of TLS for HTTPS connections.

For more information about this vulnerability, you can check at Kill SSL 3.0 NOW god dammit NOW: HTTPS SAVAGED by vicious POODLE

GOOGLE VULNERABILITY SSL V3 POODLE

  SAVE AS PDF   MARK AS READ   MARK AS IMPORTANT

  RELATED


  0 COMMENT


No comment for this article.


  WRITE ARTICLE

Is this magic?

By sonic0002