NNSquad - Network Neutrality Squad


[ NNSquad ] This POODLE bites: exploiting the SSL 3.0 fallback

This POODLE bites: exploiting the SSL 3.0 fallback

(Google): http://googleonlinesecurity.blogspot.com.au/2014/10/this-poodle-bites-exploiting-ssl-30.html

   "Today we are publishing details of a vulnerability in the design of
    SSL version 3.0. This vulnerability allows the plaintext of secure
    connections to be calculated by a network attacker. I discovered this
    issue in collaboration with Thai Duong and Krzysztof Kotowicz (also
    Googlers).  SSL 3.0 is nearly 15 years old, but support for it remains
    widespread. Most importantly, nearly all browsers support it and, in
    order to work around bugs in HTTPS servers, browsers will retry failed
    connections with older protocol versions, including SSL 3.0. Because a
    network attacker can cause connection failures, they can trigger the
    use of SSL 3.0 and then exploit this issue."

 - - -

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
 - Network Neutrality Squad: http://www.nnsquad.org 
 - PRIVACY Forum: http://www.vortex.com/privacy-info
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Member: ACM Committee on Computers and Public Policy
I am a consultant to Google -- I speak only for myself, not for them.
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein 
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com