A new SSL 3.0 vulnerability named POODLE is disclosed
Today Google disclosed a new SSL v3 security vulnerability. It affects all products that use the SSL v3 protocol, because the vulnerability stems from a design flaw.
Google revealed details of the design flaw on Tuesday, and dubbed it POODLE – short for Padding Oracle On Downgraded Legacy Encryption. It is a blunder within the blueprints of SSL 3.0 rather than a software bug, so it affects any product following the protocol – from Google Chrome and Mozilla Firefox to Microsoft Internet Explorer.
If attackers exploit this vulnerability, victims' session cookies can be stolen and used to log in as the victim to services such as banking, Gmail, etc.
You can find the details of the vulnerability and how to reproduce the issue in the post https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html.
If you want to avoid this issue, you can disable SSL v3, since the protocol contains design flaws and is meant to be deprecated. Google's response to the flaw is to scrub SSL 3.0 support from its flagship Chrome browser. Websites and other browsers are also expected to end support for SSL v3 as it's now considered insecure by design, and instead enforce the use of TLS for HTTPS connections.
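To check whether a web server configuration still leaves SSL v3 on, the following added example (not part of the original post) scans configuration text for nginx `ssl_protocols` and Apache `SSLProtocol` directives and reports the lines that enable SSLv3. It assumes Apache's `all` keyword includes SSLv3, as it did in releases of that period, and the sample configuration lines are constructed.

```python
import re

# Assumption: "all" expands to a set that includes SSLv3, as Apache releases
# of the POODLE era defined it (newer builds may exclude it).
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^#;]+)", re.I)

def enabled_protocols(line):
    """Return the protocols a directive line enables, or None if it is not one."""
    m = DIRECTIVE.match(line)
    if not m:
        return None  # comments and unrelated directives are ignored
    name, tokens = m.group(1).lower(), m.group(2).split()
    enabled = set()
    for tok in tokens:
        sign, proto = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = ALL if proto.lower() == "all" else {proto.lower()}
        if sign == "-":
            enabled -= group
        elif sign == "+" or name == "ssl_protocols":
            enabled |= group      # nginx lists accumulate; Apache "+" adds
        else:
            enabled = set(group)  # Apache bare token replaces earlier tokens
    return enabled

def find_sslv3(config_text):
    """Return (line_number, line) for every directive that leaves SSLv3 on."""
    hits = []
    for n, line in enumerate(config_text.splitlines(), 1):
        protos = enabled_protocols(line)
        if protos is not None and "sslv3" in protos:
            hits.append((n, line.strip()))
    return hits

# Constructed sample lines, not taken from any real server.
SAMPLE = """\
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3
# SSLProtocol all
SSLProtocol -all +TLSv1.2
"""

if __name__ == "__main__":
    for n, line in find_sslv3(SAMPLE):
        print(f"line {n}: SSLv3 still enabled -> {line}")
```

A directive that is absent altogether is not reported, so the server's built-in default for its version still has to be checked separately.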
For more information about this vulnerability, see the article "Kill SSL 3.0 NOW god dammit NOW: HTTPS SAVAGED by vicious POODLE".
The image is published here with authorization from Sina Weibo user @雪狼湖行于世.