Pages

Subscribe:

Ads 468x60px

  • Blockquote

    Sed dignissim mauris nec velit ultrices id euismod orci iaculis. Aliquam ut justo id massa consectetur pellentesque pharetra ullamcorper nisl...

  • Duis non justo nec auge

    Sed dignissim mauris nec velit ultrices id euismod orci iaculis. Aliquam ut justo id massa consectetur pellentesque pharetra ullamcorper nisl...

  • Vicaris Vacanti Vestibulum

    Sed dignissim mauris nec velit ultrices id euismod orci iaculis. Aliquam ut justo id massa consectetur pellentesque pharetra ullamcorper nisl...

Tuesday, October 14, 2014

Google researchers discover POODLE, an exploit targeting Open SSL 3.0




Phandroid





Google researchers discover POODLE, an exploit targeting Open SSL 3.0



Poodle Baxter Olea


Posted on Google’s Online Security Blog, three Google researches have published a report detailing a nasty online security bug they’re calling POODLE (“Padding Oracle On Downgraded Legacy Encryption”). This POODLE attack targets a specific vulnerability in Open SSL 3.0 which, for the most part, hasn’t been used in over a decade. Even so, it’s still widely supported and is the reason Google is urging all system admins to discontinue support for the protocol.


Also known as Poodlebleed, the attack is similar to the Heartbleed exploit we saw causing a panic around the net earlier this year and allows for hackers to potentially intercept and replace data being sent/received during a “secure” HTTPS session. By publishing the exploit Google not only gives sysadmins a head start in patching everything up, but at the same time, provides all sorts nefarious characters around the net with everything the need to exploit the newly discovered vulnerability. For more info on POODLE, check out Google’s PDF here (download).


For instructions on preventing this SSLV3 fallback in Chrome and Firefox, check out the researcher’s blog post here.


[ImperialViolet.org | via The Verge]








0 comments:

Post a Comment