Poodle – SSLv3 Vulnerability
October 15, 2014In the space of a month, yet another security vulnerability has been identified and announced.
Known as the ‘SSLv3 protocol vulnerability and POODLE Attack’, (aka “POODLEbleed”, referencing the the recent Heartbleed vulnerability), the SSL Man In The Middle (MITM) Information Disclosure Vulnerability (CVE-2014-3566) affects version 3.0 of SSL, which was introduced in 1996, and has since been superseded by several newer versions of its successor protocol, TLS. However, the vulnerability may still be exploited because SSL 3.0 continues to be supported by nearly every Web browser and a large number of Web servers.
When web browsers fail at connecting on a newer SSL version (i.e. TLS 1.0, 1.1, or 1.2), they may fall back to a SSL 3.0 connection. Because a network attacker can cause connection failures, including the failure of TLS 1.0/1.1/1.2 connections, they can force the use of SSL 3.0 and then exploit the poodle bug in order to decrypt secure content transmitted between a server and a browser.
All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios.
On 26 September 2014, the Shellshock vulnerability affecting many versions of Linux and Unix, was announced.
Digital Tsunami hosts the websites of listed companies and multi-national corporations (MNCs) on their private clouds or international brands and national SMEs on private clouds which are exclusive to Digital Tsunami clients.
Security is uppermost in the priorities of Digital Tsunami and sites are constantly monitored and hardware and software maintained for maximum protection.
For enquiries on advanced security for your web presence, please contact Digital Tsunami Sales or Technical Support.
Read more items related to security.
External References:
Online Poodle Bug Server Test
Poodlebleed.com
Red Hat Security Advisory on POODLE
Symantec
Trend Micro
US Computer Emergency Readiness Team, Alert TA14-290A
From Our Clients
.. a reliable and steadfast operator, with a keen sense of service. Innovative and contemporary, and operating within the upper echelon.
We were very happy with the development process and the outcome. The objectives have all been achieved, in terms of usability and ease of use in updating the site. You definitely nailed both of these.
With a brief timeline to ensure we had a web presence and launch coinciding with our 10 year anniversary, Digital Tsunami delivered. On time. On budget. Great Effort!
Clients have really appreciated the video .. sales staff are so pleased to have this tool. It is very empowering to show.
Digital Tsunami has supported us for many years now, and we continue to be impressed by the standard of service and advice. We not only get quality web design and implementation, but also honest feedback and suggestions which are crucial to the final product.
Digital Tsunami is able to discuss ideas with us and then develop them into a practical solution online, and this ‘team’ effort ensures the results are of the highest quality.
When our website is the first thing people look to when making an assessment on our company, I’m pleased to know that we have Andrew and his team behind us.