POODLE poos on flaw (in SSL) as Google causes panic

SSL is attack dog when protocol-downgrade sinks teeth in leg

[Image: POODLE / SSL 3. Credit: Bodo Möller]

Google infosec researchers have found a nasty new TLS downgrade attack. We all knew these old versions of SSL crypto were insecure, but it has always been thought hard to walk away from them. Now the researchers argue that cutting off SSL 3.0 is necessary.

Windows XP and IE6 be damned: In IT Blogwatch, bloggers cry, "TLS FTW!"

curated these bloggy bits for your entertainment.

Jeremy Kirk beams down, surrounded by characters we've never seen before (and never will again):

Google researchers have found a severe flaw [that] could be exploited to steal sensitive data. ... Bodo Möller, Thai Duong and Krzysztof Kotowicz...developed an attack called "POODLE," which stands for Padding Oracle On Downgraded Legacy Encryption.

An attacker would have to control the network...to conduct this kind of man-in-the-middle attack. That might be possible [say] over a Wi-Fi network in an airport.

And Darren Pauli told ya so:

As [we] warned...security researchers have discovered a vulnerability in SSL 3.0 that allows attackers to decrypt encrypted connections. ... The attack is, we're told, easy to perform, and can be done on-the-fly using JavaScript.

It is a blunder within the blueprints of SSL 3.0 rather than a software bug, so it affects any product following the protocol. ... Websites and...browsers are...expected to end support for SSL v3 as it's now considered insecure by design, and instead enforce the use of TLS. ... Websites that end support for SSL v3 will become incompatible with older browsers and OSes...the final nail in the coffin for machines stuck on IE6 and XP.

So Google's Bodo Möller öffërs thïs ëxpläïnër: [You ignoramus: no Germanic diæreses on e or i -Ed.]

[It's] a vulnerability in the design of SSL version 3.0. ... I discovered this issue in collaboration with Thai Duong and Krzysztof Kotowicz.

SSL 3.0 is nearly 15 years old...nearly all browsers support it and...will retry failed connections with older protocol versions, including SSL 3.0. [So] our recommended response is to support TLS_FALLBACK_SCSV [which] solves the problems caused by retrying failed connections. ... We have good evidence that it can be used without compatibility problems.

But Steve Ragan dismisses all this talk as hyperbole:

The vulnerability is something that most researchers have speculated / known about for some time. ... This problem with SSLv3 has been around for a while, and many experts have called for the removal of SSLv3 because of it.

However, cutting out SSLv3 entirely and suddenly could cause issues if it's needed for legacy systems.

Meanwhile, Jeff Jarmoc warns it's not as simple as some are making out:

If you're disabling SSLv3 today, don't forget other SSL terminators: corporate gateway middleboxes, load balancers, etc.

Can't even update root stores on some.

Update: David Hamilton gets the details downgraded:

[It] basically takes the Internet's heterogeneity, usually a source of robustness...turning it into a weapon.

If a Web server isn't set up to use the most current form of encryption, most browsers will agreeably fall back to an older form. ... But an attacker can actually trigger this "downgrade dance" [then] a malicious party can go to work breaking the encryption using a previously identified attack called Beast.

There are a few things you can do to protect yourself. ... In Chrome, you'll have to issue the command-line flag --ssl-version-min=tls1 ... In Firefox, [set] security.tls.version.min [to] "1" ... In Internet Explorer...uncheck "Use SSL 3.0."
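To make the mechanism behind Möller's TLS_FALLBACK_SCSV recommendation and Hamilton's "downgrade dance" concrete, here is an added simulation (not code from Google, the researchers, or any blogger quoted above). It is a toy model, not real TLS: a ClientHello is a dict, a hostile network path simply tears down any handshake above SSLv3, and the server logic follows RFC 7507. The version numbers, the 0x5600 signalling suite and the 0x002F cipher suite are the real wire values; the `Server`, `connect` and network functions are assumptions of this model.

```python
"""Constructed model of browser protocol fallback and the TLS_FALLBACK_SCSV defence."""
from dataclasses import dataclass

# Real TLS record-layer version numbers (higher value = newer protocol).
SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
NAMES = {SSL3: "SSLv3", TLS10: "TLS 1.0", TLS11: "TLS 1.1", TLS12: "TLS 1.2"}
TLS_FALLBACK_SCSV = 0x5600       # signalling cipher suite value from RFC 7507
FALLBACK_ORDER = [TLS12, TLS11, TLS10, SSL3]   # the legacy-browser "downgrade dance"


class HandshakeFailure(Exception):
    """Server refuses the offered version outright (e.g. SSLv3 is disabled)."""


class InappropriateFallback(Exception):
    """Server saw TLS_FALLBACK_SCSV with a version below its maximum (RFC 7507 alert)."""


class ConnectionReset(Exception):
    """Handshake never completed; a legacy browser reacts by retrying one version lower."""


@dataclass
class Server:
    max_version: int          # newest version the server speaks
    min_version: int          # oldest version still enabled
    honours_scsv: bool = True  # whether the server implements RFC 7507

    def handle(self, hello: dict) -> int:
        offered = hello["version"]
        if offered < self.min_version:
            raise HandshakeFailure(f"{NAMES[offered]} is disabled on this server")
        if self.honours_scsv and TLS_FALLBACK_SCSV in hello["ciphers"] and offered < self.max_version:
            # The client says this hello is a retry after a failure, yet both sides
            # could do better: that is exactly the downgrade SCSV exists to refuse.
            raise InappropriateFallback(
                f"client fell back to {NAMES[offered]} but server supports {NAMES[self.max_version]}")
        return min(offered, self.max_version)   # ordinary version negotiation


def honest_network(hello: dict, server: Server) -> int:
    """Packets reach the server unmodified."""
    return server.handle(hello)


def downgrading_network(hello: dict, server: Server) -> int:
    """Constructed hostile path: every handshake above SSLv3 is torn down before it completes."""
    if hello["version"] > SSL3:
        raise ConnectionReset
    return server.handle(hello)


def connect(server: Server, network, sends_scsv: bool):
    """Legacy-browser client: walk FALLBACK_ORDER on failure. Returns the negotiated version or None."""
    for attempt, version in enumerate(FALLBACK_ORDER):
        ciphers = [0x002F]                       # TLS_RSA_WITH_AES_128_CBC_SHA, a real suite
        if sends_scsv and attempt > 0:
            ciphers.append(TLS_FALLBACK_SCSV)    # mark this hello as a fallback retry
        try:
            return network({"version": version, "ciphers": ciphers}, server)
        except ConnectionReset:
            continue                              # the retry behaviour Möller describes
        except (HandshakeFailure, InappropriateFallback):
            return None                           # connection fails instead of downgrading


def run_scenarios() -> dict:
    """Outcomes for the combinations the article discusses; see the test for expected values."""
    legacy = Server(max_version=TLS12, min_version=SSL3, honours_scsv=False)
    patched = Server(max_version=TLS12, min_version=SSL3, honours_scsv=True)
    no_ssl3 = Server(max_version=TLS12, min_version=TLS10)   # SSLv3 switched off entirely
    return {
        "normal": connect(legacy, honest_network, sends_scsv=False),
        "downgrade_no_scsv": connect(legacy, downgrading_network, sends_scsv=False),
        "downgrade_scsv_both_sides": connect(patched, downgrading_network, sends_scsv=True),
        "downgrade_scsv_client_only": connect(legacy, downgrading_network, sends_scsv=True),
        "downgrade_ssl3_disabled": connect(no_ssl3, downgrading_network, sends_scsv=False),
    }


if __name__ == "__main__":
    for name, version in run_scenarios().items():
        print(f"{name:28s} -> {'connection failed' if version is None else NAMES[version]}")
```

The scenarios show why both of the article's recommendations matter: without the SCSV, the hostile path walks the client all the way down to SSLv3 (the POODLE exposure); with the SCSV sent by the client but ignored by a legacy server, the downgrade still succeeds, so the fix needs both ends; and a server that has simply disabled SSLv3 refuses the final hello regardless, which is the blunt option Ragan and Jarmoc caution has compatibility costs.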


You have been reading IT Blogwatch by , who curates the best bloggy bits, finest forums, and weirdest websites… so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or itbw@richi.uk. Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.
