Poodle
Name: POODLE – “Padding Oracle On Downloaded Legacy Encryption”
Threat Type: Attack
Severity: 5
Target: SSL v3
Release Date: 14th October 2014
Attack Surface: Small/Medium – Use of SSL v3 is being phased out in favour of TLS.
Summary: Network attacker uses POODLE to target elements of an SSL connection to extract plaintext , usually cookies, in a similar fashion to the BEAST attack. Whilst this is still a relatively complicated attack, it is more simple and practical than BEAST in that it doesn’t require as much control of the format of the plaintext. Attacker could potentially steal data from within an encrypted SSL session, such as that to a banking website. Relies on attacker being a “man-in-the-middle”, e.g. by providing a rogue public wifi.
Root Cause: Design flaw in SSL which authenticates before encrypting.
Remediative Action: Server managers should disable instances of SSLv3, or by disabling CBC-mode ciphers in SSLv3, but this could have some compatibility issues with older browsers. End users should use trusted networks to access secure sites, and ensure they use up-to-date browsers which will support any locked down secure web services without compatibility issues.
Cognition View: For what has probably been the worst named attack in IT Security history, there’s nothing cute about POODLE. It’s more serious than its cousin BEAST and will definitely do more damage. This is aimed at a protocol people shouldn’t really be using anymore, (but probably are), so hopefully this is the kick up the arse that a lot of server admins need to get their systems up-to-date. Additionally, sysadmins should use any Press around this attack to help push through projects and change requests for system optimisation, tuning and patching. A bit of fear, uncertainty and doubt can be a great tool when used for the right reasons at the right time.
The attack itself is still pretty complicated to pull off, particularly since it requires being in-line of the traffic as a man-in-the-middle. So if I were an attacker I’d be setting up a few rogue internet wifi points at coffee shops ASAP before servers get patched. And for the rest of us, we should (as ever) be highly cautious of using third party wifi and if we really have to then utilise a VPN service wherever possible. As an end user, this isn’t big news, just keep being cautious and continue with your normal day-to-day. But for server admins, this is patching time – go and assess your completely accurate CMDB (yeah right) to see what instances of SSL you run in the organisation and get to work. Enjoy!
Full Details: https://www.openssl.org/~bodo/ssl-poodle.pdf
The post Poodle appeared first on Cognition.
About Cognition
Cognition is a Specialist Cyber Security Integrator, focused on delivering the very best security guidance and providing an unprecedented level of service. The team is comprised solely of industry experts with each providing the best intelligence with a real world approach. It is this philosophy that enables Cognition to cut through the complexity of today’s threat landscape and provide the latest innovative security solutions that deliver true business value. Learn more about Cognition at https://cognitionsecure.com.