Jump to content

There Is a New Security Vulnerability Named POODLE, and It Is Not Cute

securitybreach

By securitybreach
in Security & Networking

 Share

Recommended Posts

securitybreach

securitybreach

Posted
Posted

On a day when system administrators were already taxed addressing several security updates released by Microsoft, Oracle, and Adobe, there is now word of a new security hole discovered in a basic protocol used for encrypting web traffic. Its name is POODLE, which stands for Padding Oracle on Downgraded Legacy Encryption, and it was discovered by three Google security researchers—Bodo Moller, Thai Duong, and Krzysztof Kotowicz. They published a paper (.pdf) about it today.

 

POODLE affects SSLv3 or version 3 of the Secure Sockets Layer protocol, which is used to encrypt traffic between a browser and a web site or between a user’s email client and mail server. It’s not as serious as the recent Heartbleed and Shellshock vulnerabilities, but POODLE could allow an attacker to hijack and decrypt the session cookie that identifies you to a service like Twitter or Google, and then take over your accounts without needing your password.

 

To exploit the vulnerability, you must be running javascript, and the attacker has to be on the same network as you—for example, on the same Starbucks Wi-Fi network you’re using. This makes it less severe than an attack that can be conducted remotely against any computer on the Internet.

 

The attack works only on traffic sessions using SSLv3......

http://www.wired.com...oodle-explained

Link to comment
Share on other sites
Cluttermagnet

Cluttermagnet

Posted
Posted

Ugh! I sooooo like my klunky old wired Ethernet connections.

 

All this repetitive carp makes me continue to feel not up to handling wifi.

It just scares me to death.

 

I have yet to personally own a lappie. I can restrain myself from

computing until I get back home...

  • Like 1
Link to comment
Share on other sites
securitybreach

securitybreach

Posted
  • Author
Posted

You do realize has wifi been widely used since about 1999.. I think your a bit over the top in how you think about Wifi. To each, their own but everything is vulnerable in one way or another. Your ethernet is also vulnerable to attacks. If you are a target, there is always a way in...

 

 

More info on the attack: How POODLE happened

Link to comment
Share on other sites
Guest LilBambi

Guest LilBambi

Posted
Posted

WiFi is still pretty safe with WPA2/AES. It hasn't been completely cracked like previous versions of WiFi encryption.

 

Since you are on such old hardware, I would make sure that if you do use a laptop, that the wireless card is capable of WPA2/AES.

Link to comment
Share on other sites
securitybreach

securitybreach

Posted
  • Author
Posted

Only partially if I remember correctly...

 

Trust me, you can.... A simple google search will show you this..... airmon-ng and reaver ;)

Link to comment
Share on other sites
Cluttermagnet

Cluttermagnet

Posted
Posted (edited)

There is this addon for Firefox:

 

https://addons.mozil...ersion-control/

 

Worked on the machine I tried it on using poodletest.com to test:

 

https://www.poodletest.com/

 

BTW I'm understanding that this problem would be universal, i.e. not just a

vulnerability of any one particular OS- right?

 

I read somewhere that a new FF release will fix this in about a month...

(for browser users)

Edited by Cluttermagnet
Link to comment
Share on other sites
V.T. Eric Layton

V.T. Eric Layton

Posted
Posted (edited)

This is what I saw there with Chromium, Chrome, and Opera in Slackware:

 

safesite.png

 

 

Edited by V.T. Eric Layton
  • Like 1
Link to comment
Share on other sites
ebrke

ebrke

Posted
Posted (edited)

I chose to change the value for security.tls.version.min to 1 in FF about:config rather than using the plug-in. My FF shows as not vulnerable at poodletest.com.

Edited by ebrke
Link to comment
Share on other sites
V.T. Eric Layton

V.T. Eric Layton

Posted
Posted

Slackware uses the Extended Support versions of FF, so mine is only version 24.8.1 ESR. Mozilla will issue a patch eventually. :)

Link to comment
Share on other sites
ebrke

ebrke

Posted
Posted

Slackware uses the Extended Support versions of FF, so mine is only version 24.8.1 ESR. Mozilla will issue a patch eventually. :)

Why not change the value in about:config?
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...