POODLE: Vulnerability to SSL 3 was discovered by Google

It turns out that Secure Sockets Layer (SSL) encryption that we report as secure internet communication is vulnerable. Today researchers from Google have announced (PDF) that they have discovered a bug (POODLE) in SSL 3.0. The exploit could be used to track sensitive data that is supposed to be encrypted between the client and the server.poodle ssl security

The exploit first allows attackers to launch a "downgrade dance" or "downgrade dance" as reported by Google, telling the customer that the server does not support the most secure TLS (Transport Layer Security) protocol, and forces it to connect via SSL 3.0. From there, he can perform a man-in-the-middle attack to decipher secure HTTP cookies. Google calls POPODLE vulnerability (Padding Oracle On Downgraded Legacy Encryption).

In other words, your data is no longer encoded. Google researchers, Bodo Möller, Thai Duong and Krzysztof Kotowicz, recommend disabling SSL 3.0 on servers and clients. The server and client will predefine TSL to make a secure connection and exploitation will not be possible.

  Rapid Scan and queues in Super Market

For end-users, if your browser supports it, disable SSL 3.0, or even better use TLS_FALLBACK_SCSV (Transport Layer Security Signaling Cipher Suite Value) tools. This will prevent downgrading attacks. Google said it would launch testing on Chrome to disable the use of SSL 3.0 before removing protocol support from all its products in the coming months. In fact, there is already one available Chromium patch which disables SSL.

The foundation Mozilla is planning also disable SSL 3.0 in Firefox. "SSLv3 will be disabled by default in Firefox 34, which will be released on November 25."

Anyone interested in disabling SSL 3.0 in Firefox can do so with SSL Version Control add on for Firefox.

Registration in iGuRu.gr via email

Your email for sending each new post

Follow us on Google News iGuRu.gr at Google news

Leave a reply

Your email address Will not be published.

  + 31 = 35

Previous Story

Yahoo changes its external appearance

Next Story

CYBERKID Teleconferences on secure internet surfing