Today's Question:  What's your opinion about Alibaba mooncake incident?        GIVE A SHOUT

Technical Article => Security =>  Code Security

A new SSL 3.0 vulnerability named POODLE is released

  sonic0002      2014-10-15 04:48:59      4,289    0    0

Today a new SSL v3 security vulnerability is released by Google and it affects all products which is using SSL v3 protocol as this vulnerability is introduced by a design flaw.

Google revealed details of the design flaw on Tuesday, and dubbed it POODLE – short for Padding Oracle On Downgraded Legacy Encryption. It is a blunder within the blueprints of SSL 3.0 rather than a software bug, so it affects any product following the protocol – from Google Chrome and Mozilla Firefox to Microsoft Internet Explorer.

If this vulnerability is exploited by the attackers, the session cookies from the victims can be stolen and used to log in as the victim to access services such as banking, Gmails etc.

You can find the details of the vulnerability and how to reproduce the issue following the post

If you want to bypass this issue, you can choose to disable SSL v3 as this protocol is meant to be deprecated and it contained design flaws. Google's response to the flaw is to scrub SSL 3.0 support from its flagship Chrome browser. Websites and other browsers are also expected to end support for SSL v3 as it's now considered insecure by design, and instead enforce the use of TLS for HTTPS connections.

For more information about this vulnerability, you can check at Kill SSL 3.0 NOW god dammit NOW: HTTPS SAVAGED by vicious POODLE



Share on Facebook  Share on Twitter  Share on Google+  Share on Weibo  Share on Reddit  Share on Digg  Share on Tumblr    Delicious



No comment for this article.


How to eat instant noodle like beef steak

By sonic0002