Published On: May 14th, 2015/Categories: Cognition, Data Security/4.5 min read/

Poodle

Name: POODLE – “Padding Oracle On Downloaded Legacy Encryption”

Threat Type: Attack

Severity: 5

Target: SSL v3

Release Date: 14th October 2014

Attack Surface: Small/Medium – Use of SSL v3 is being phased out in favour of TLS.

Summary: Network attacker uses POODLE to target elements of an SSL connection to extract plaintext , usually cookies, in a similar fashion to the BEAST attack. Whilst this is still a relatively complicated attack, it is more simple and practical than BEAST in that it doesn’t require as much control of the format of the plaintext. Attacker could potentially steal data from within an encrypted SSL session, such as that to a banking website. Relies on attacker being a “man-in-the-middle”, e.g. by providing a rogue public wifi.

Root Cause: Design flaw in SSL which authenticates before encrypting.

Remediative Action: Server managers should disable instances of SSLv3, or by disabling CBC-mode ciphers in SSLv3, but this could have some compatibility issues with older browsers. End users should use trusted networks to access secure sites, and ensure they use up-to-date browsers which will support any locked down secure web services without compatibility issues.

Cognition View: For what has probably been the worst named attack in IT Security history, there’s nothing cute about POODLE. It’s more serious than its cousin BEAST and will definitely do more damage. This is aimed at a protocol people shouldn’t really be using anymore, (but probably are), so hopefully this is the kick up the arse that a lot of server admins need to get their systems up-to-date. Additionally, sysadmins should use any Press around this attack to help  push through projects and change requests for system optimisation, tuning and patching. A bit of fear, uncertainty and doubt can be a great tool when used for the right reasons at the right time.

The attack itself is still pretty complicated to pull off, particularly since it requires being in-line of the traffic as a man-in-the-middle. So if I were an attacker I’d be setting up a few rogue internet wifi points at coffee shops ASAP before servers get patched. And for the rest of us, we should (as ever) be highly cautious of using third party wifi and if we really have to then utilise a VPN service wherever possible. As an end user, this isn’t big news, just keep being cautious and continue with your normal day-to-day. But for server admins, this is patching time – go and assess your completely accurate CMDB (yeah right) to see what instances of SSL you run in the organisation and get to work. Enjoy!

Full Detailshttps://www.openssl.org/~bodo/ssl-poodle.pdf

The post Poodle appeared first on Cognition.

Cognition Logo

About Cognition

Cognition is a Specialist Cyber Security Integrator, focused on delivering the very best security guidance and providing an unprecedented level of service. The team is comprised solely of industry experts with each providing the best intelligence with a real world approach. It is this philosophy that enables Cognition to cut through the complexity of today’s threat landscape and provide the latest innovative security solutions that deliver true business value. Learn more about Cognition at https://cognitionsecure.com.

 

Share This Post!

About the Author: Carl Gottlieb
I'm the trusted privacy advisor to leading tech companies, helping them gain maximum advantage through the right privacy strategy. My consultancy company Cognition provides a range of privacy and security services including Data Protection Officers, in-depth assessments and virtual security engineers. Get in touch if you'd like to learn more.

Related articles