Google exposes ‘Poodle’ flaw in Web encryption standard

Posted on by

Three Google security engineers uncover a major vulnerability in the older -- but still supported -- Web encryption standard SSL 3.0. Experts say fixing it is impossible and upgrading will be difficult.

A 15-year-old encryption protocol for browsers and websites is now too vulnerable to safely use. CNET

Older Web technology continues to be dogged by revelations that show how insecure it is. A trio of Google security engineers proved that the encryption standard Secure Socket Layer can be circumvented thanks to a new vulnerability they dubbed "POODLE."

POODLE is a new security hole in Secure Socket Layer (SSL) 3.0 that makes the 15-year-old protocol nearly impossible to use safely, said Google security engineers Bodo Mller, Krzysztof Kotowicz and Thai Duong in a new report published on Tuesday.

The vulnerability allows encrypted, ostensibly-secret information to be exposed by an attacker with network access. POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption (PDF), is a problem because it's used by both websites and Web browsers. Both must be reconfigured to prevent using SSL 3.0, and POODLE will remain a problem as long as SSL 3.0 is supported.

While SSL 3.0 is no longer the most advanced form of Web encryption in use, Mller explained browsers and secure HTTP servers still need it in case they encounter errors in Transport Layer Security (TLS), SSL's more modern, less vulnerable younger sibling.

The good news is that not much of the Web relies on SSL 3.0 anymore. A study by the University of Michigan shows that few sites rely on SSL 3.0 for anything. Less than 0.3 percent of communication between site and server depends on SSL 3.0, while 0.42 percent of the top 1 million domains on Alexa use it in even partially.

The reason that POODLE is a problem is that attackers can force your browser to downgrade to SSL 3.0.

If either browser or server runs into problems connecting with TLS, sites and browsers will often fall back to SSL. The problem is that attackers can force a connection failure which would force a site to use SSL 3.0, which would then expose it to hackers.

Because disabling SSL 3.0 outright causes compatibility problems for sites and servers, Mller recommended that administrators for both add support for TLS_FALLBACK_SCSV, a TLS protocol that blocks attackers from conning browsers into downgrading to not only SSL 3.0, but TLS 1.0 and 1.1 as well. It "may help prevent future attacks," he wrote.

Read the rest here:
Google exposes 'Poodle' flaw in Web encryption standard

Related Posts
This entry was posted in $1$s. Bookmark the permalink.