poodle - Padding Oracle On Downgraded Legacy Encryption SSL vulnerability

[Lynx-lynx]

POODLE (Padding Oracle On Downgraded Legacy Encryption) SSL vulnerability - seems we have to be worried about poodles now.

I confess to not really understanding much about this, but I'm sure that others on this forum will. Hereunder is some basic info and links. (And a big thank you to bookmarked in the Kobo Discounts thread who brought poodle to our attention )

Here's what Mozilla says:

Quote:

The POODLE attack can be used against any browser or website that supports SSLv3. This affects all current browsers and most websites. As noted above, only 0.3% of transactions actually use SSLv3. Though almost all websites allow connections with SSLv3 to support old browsers, it is rarely used, since there are very few browsers that don’t support newer versions of TLS.

https://blog.mozilla.org/security/20...nd-of-ssl-3-0/

From http://www.theregister.co.uk/2014/10..._fixit_for_ie/

Quote:

Microsoft has issued new guidance on the POODLE (Padding Oracle On Downgraded Legacy Encryption) SSL vulnerability, including a one-click utility that can automatically disable SSL 3.0 in Internet Explorer.

The Fix It utility, which was released on Wednesday, is a reversible workaround for all versions of Redmond's browser from IE6 through IE11 – although sticking with buggy, ancient IE6 still really isn't a good idea.

"If you are currently using older versions of IE, such as IE 6, we recommend you upgrade to a newer browser as soon as possible, in addition to using the Fix it released today," Redmond said in a security advisory, while throwing in a plug for its latest, IE11.

In addition, Microsoft says it is planning to issue updates that will disable fallback to SSL 3.0 in IE, then disable SSL 3.0 in IE altogether by default, within the coming months.

From cnet : http://www.cnet.com/au/news/apple-du...o-poodle-flaw/
------------------
Apple said Wednesday it will stop supporting the encryption standard Secure Sockets Layer 3.0 for its push notifications service in response to a vulnerability identified earlier this month in the aging protocol.

Spoiler:

Apple announced on its developer site that it will switch on October 29 from SSL 3.0 to Transport Layer Security (TLS), SSL's more modern, less vulnerable younger sibling. Disclosed earlier this month, the vulnerability -- called Poodle -- allows encrypted information to be exposed by an attacker with network access.

"Providers using only SSL 3.0 will need to support TLS as soon as possible to ensure the Apple Push Notification service continues to perform as expected," Apple said in its bulletin. "Providers that support both TLS and SSL 3.0 will not be affected and require no changes."

To help developers test compatibility, Apple said it has already disabled SSL 3.0 in the development environment on its Provider Communication interface.

Poodle, which stands for Padding Oracle On Downgraded Legacy Encryption (PDF), is a problem because it's used by both websites and Web browsers. Both must be reconfigured to prevent using SSL 3.0, and Poodle will remain a problem as long as SSL 3.0 is supported.

Once the most advanced form of Web encryption in use, the 15-year-old SSL 3.0 is used by few websites anymore, according to a study by the University of Michigan. However, Poodle still poses a threat because attackers can force browsers to downgrade to SSL 3.0.

Twitter already notified its users that it has disabled SSL 3.0 support, while Mozilla advised Firefox users to install a Mozilla security add-on that disables SSL 3.0. Along with Google and Mozilla, the University of Michigan researchers detailed how to disable SSL 3.0 for Internet Explorer.

Mozilla plans to disable SSL 3.0 in Firefox 34, the next version of the open-source browser. It's currently in beta testing, with a release planned for the end of November. Mozilla has been testing the change in its Aurora version of Firefox, the precursor to the beta version, and so far, "There has been much less screaming about this than I anticipated," said Mozilla's Martin Thomson on Wednesday, discussing the change on Mozilla's bug-tracker. Complaints would come from people who couldn't use Web sites that required SSL 3.0.

A site that tests your browser for vulnerability issues: https://www.poodletest.com/

(And yep mine was vulnerable when I tested it, so I downloaded the Mozilla fix and now it's not)

[rollei]

Quote:

Originally Posted by Lynx-lynx

A site that tests your browser for vulnerability issues: https://www.poodletest.com/

Thank you for posting this. The poodletest.com site is also extremely helpful.

My results:
Firefox 33.0.2 is not vulnerable.
Internet Explorer 11 is vulnerable.

[eschwartz]

FF 33.0.2 is vulnerable, Mozilla will disable SSLv3.0 in FF34.

[Lynx-lynx]

How does one know if they've been affected by this vulnerability, I'm a bit confused ....

[rollei]

Quote:

Originally Posted by eschwartz

FF 33.0.2 is vulnerable, Mozilla will disable SSLv3.0 in FF34.

That's what I thought. Mozilla disabling SSLv3.0 in FF34 which will be released Nov 25.

https://blog.mozilla.org/security/20...nd-of-ssl-3-0/

But when I run poodletest.com, the results are not vulnerable for Firefox 33.0.2. Poodletest.com reported "your browser doesn't support SSLv3, or only supports SSLv3 using stream ciphers". See pic.

Did you think poodletest.com is inaccurate?

[eschwartz]

It is possible some other part of your PC setup protected you. But I am running the same FF release and am vulnerable, so I'd trust Mozilla on this.

[rollei]

Quote:

Originally Posted by Lynx-lynx

How does one know if they've been affected by this vulnerability, I'm a bit confused ....

The simplest method is to click that link that you provide.

https://www.poodletest.com/

If your browser is not vulnerable, you will see a Springfield Terrier and "not vulnerable" as in my pic earlier. If your browser is vulnerable, you will see a poodle with the "vulnerable" caption.

You will know for sure you are not vulnerable when you upgrade to Firefox 34 which will be released Nov 25. Internet Explorer is at present vulnerable, Microsoft is working on fixing this, I expect a patch will be delivered via Windows Update sometime in future.

[rollei]

Quote:

Originally Posted by eschwartz

It is possible some other part of your PC setup protected you. But I am running the same FF release and am vulnerable, so I'd trust Mozilla on this.

Are you saying you are running FF 33.0.2 and when you click poodletest.com, you get a "vulnerable" response?

[Lynx-lynx]

Quote:

Originally Posted by rollei

The simplest method is to click that link that you provide.

https://www.poodletest.com/

If your browser is not vulnerable, you will see a Springfield Terrier and "not vulnerable" as in my pic earlier. If your browser is vulnerable, you will see a poodle with the "vulnerable" caption.

You will know for sure you are not vulnerable when you upgrade to Firefox 34 which will be released Nov 25. Internet Explorer is at present vulnerable, Microsoft is working on fixing this, I expect a patch will be delivered via Windows Update sometime in future.

Thanks Rollei but I've already installed the Mozilla patch.

What I'm asking is how would someone know if they had been affected. What symptoms so to speak.

[eschwartz]

Quote:

Originally Posted by rollei

Are you saying you are running FF 33.0.2 and when you click poodletest.com, you get a "vulnerable" response?

Yes.

In general these sort of tests are better for proving the presence of vulnerabilities, because if you are vulnerable once you can and will be again.

However, saying you aren't vulnerable... is it because you truly are protected, or because anything down to a random glitch prevented the connection going through and thus fooled the test?

I remember the same confusion wih the Heartbleed tests, but at least those warned you of the uncertainty.

[eschwartz]

Quote:

Originally Posted by Lynx-lynx

Thanks Rollei but I've already installed the Mozilla patch.

What I'm asking is how would someone know if they had been affected. What symptoms so to speak.

When "All Your Data Are Belong To Us".

[cromag]

Quote:

Originally Posted by rollei

Are you saying you are running FF 33.0.2 and when you click poodletest.com, you get a "vulnerable" response?

I have FF 33.0.2 and I do see a poodle with the "Vulnerable" caption.

[rollei]

Quote:

Originally Posted by eschwartz

Yes.

In general these sort of tests are better for proving the presence of vulnerabilities, because if you are vulnerable once you can and will be again.

However, saying you aren't vulnerable... is it because you truly are protected, or because anything down to a random glitch prevented the connection going through and thus fooled the test?

I remember the same confusion wih the Heartbleed tests, but at least those warned you of the uncertainty.

That poodletest.com may not be accurate, I ran a test from SSL labs and got a vulnerable status.

SSL Labs link to test Poodle vulnerability:
https://www.ssllabs.com/ssltest/viewMyClient.html

[bookmarked]

As far as I know, there isn't any widespread attack taking advantage of POODLE yet.

I believe that full protection in Firefox will come when they change the default setting to disable SSLv3 in FF34 which will be released 11/25/2014. Or you can turn it off yourself now.

If you want to disable SSLv3 in Internet Explorer (which is easy) or Firefox (pretty easy) or Chrome (involves modifying the shortcut you use to launch it), there are detailed instructions here (scroll down a bit). Note that if you are still using IE6, you also need to enable TLS 1.0 because it's not enabled by default.

No one should still be using SSLv3 anymore (it was developed by Netscape in 1996 and later replaced by TLS) but it's possible some ancient website still is. Here's a comment from one of the SANS ISC articles

Quote:

Oops! Turning-off SSLV3 in Internet Explorer 11 (under Windows 7 Professional) causes the "online court services" web-site of one very-western Canadian Attorney-General branch of that provincial government to generate a message that SSLV3 needs to be turned-on before one can search for civil court proceedings or disputed parking tickets or criminal court proceedings.
Sigh.

If you want a more detailed POODLE test, try the Qualys SSLLabs page at https://www.ssllabs.com/ssltest/viewMyClient.html . It shows the ciphers involved, which is important because POODLE is a problem for SSLv3 only with a particular type of cipher.

For more technical information:
SSL 3 is dead, killed by the POODLE attack
POODLE: Turning off SSLv3 for various servers and client
SSLv3 POODLE Vulnerability Official Release

[rollei]

Quote:

Originally Posted by cromag

I have FF 33.0.2 and I do see a poodle with the "Vulnerable" caption.

At this point, I believe my FF 33.0.2 is vulnerable.

There is also a SSL Lab test:

https://www.ssllabs.com/ssltest/viewMyClient.html