The Broadband Guide
search advanced
 forgot password?

New "POODLE" SSL3 vulnerability threatens HTTPS

2014-10-15 09:44 by
Tags: , , ,


Google announced that it has discovered a security bug in the design of SSL version 3.0. Google's researchers Bodo Mueller, Thai Duong and Krzysztof Kotowicz developed an attack that exploits the SSL flaw and called it "POODLE," which stands for "Padding Oracle On Downgraded Legacy Encryption."

With such an attack hackers could steal browser "cookies", potentially taking control of email, banking and social networking accounts. However, security experts claim the threat is not as serious as the "Heartbleed" bug in OpenSSL protocol and "Shellshock" bug in Bash.

The security bug affects SSL version 3.0, which is nearly 15 years old. It has been replaced by TLS 1.0 and TLS 1.1 and TLS 1.2. However, most modern TLS implementations are still backward compatible with Open SSL 3.0 and therefore vulnerable to this particular flaw.

Google is preparing a patch for Chrome that would forbid falling back to SSL 3.0 for all servers, but "this change will break things and so we don't feel that we can jump it straight to Chrome's stable channel. But we do hope to get it there within weeks and so buggy servers that currently function only because of SSL 3.0 fallback will need to be updated."

Mozilla will also take actions to solve the problem. It plans to turn off SSL 3.0 in Firefox.

"SSLv3 will be disabled by default in Firefox 34, which will be released on Nov 25," said Mozilla in a post.

Read more -here-



  Post your review/comments
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About