Warning: There’s a rabid POODLE running loose in SSL
This Wednesday, researchers at Google published a paper stating that there is a new Internet-wide security vulnerability affecting version 3 of the Secure Sockets Layer protocol. This is a protocol used to encrypt traffic between your browser and a web server or your email client and an email server. Attackers who leverage this vulnerability could use it to intercept and decrypt session cookies, which would enable them to log into your online accounts without a password.
POODLE, which stands for Padding Oracle on Downgraded Legacy Encryption, is primarily a concern for users who connect to the Internet through public networks. Attackers must be on the same network as you to leverage the vulnerability, and furthermore you must be using SSLv3 to communicate with a server. The good news is that unless you are using technology from about 13 years ago (namely, Internet Explorer 6 on Windows XP), your machine is most likely using the more modern and invulnerable TLS protocol to perform encryption. Researchers have indicated, however, that some computers will automatically downgrade to SSLv3 in instances where TLS communication fails. It is this last possibility that will give attackers the greatest opportunity to perform POODLE exploitation.
Besides acting as yet another nail in the XP coffin, POODLE may spell trouble for users who connect to the Internet through networks outside of their home. If that’s you, and you’re looking for more information on why vulnerabilities like POODLE can be a problem in public networks, check out our recent Security Knowledge article on firewalls, and consider adding a software-based firewall like Emsisoft Internet Security to your armory.
To find out if your browser is vulnerable to POODLE, you can now also navigate to PoodleTest.com.
Have a great (POODLE-free) day!
System administrators looking for technical threat mitigation measures, see a statement from Google on POODLE here.
Alert: Microsoft Zero Day from Sandworm Cyberspies!