If you were hit by Heartbleed and later got a Shellshock, as if these weren’t enough, you are likely to be bitten by the newly discovered ‘POODLE’ vulnerability (yet another acronym for a newly discovered bug, standing for Padding Oracle On Downgraded Legacy Encryption)!
The Heartbleed bug made it possible for attackers to steal data from a server, including the keys needed to decode any encrypted contents. Shellshock, a more serious bug, made it possible for hackers to take control of millions of machines around the world quietly and without notice. And now this new breed of bug, POODLE, was found in a 15-year-old web encryption technology called SSL 3.0. SSL, which stands for Secure Sockets Layer, is a technology that encrypts a user’s browsing session, making it difficult for anyone on the same public Wi-Fi to eavesdrop. The POODLE bug makes it possible for hackers to hijack their victim’s browsing session and do things like take over their email, online banking or social networking account.
Major players Microsoft, Google and Mozilla recommend disabling SSL 3.0. Security researchers consider the POODLE bug less dangerous than Heartbleed or Shellshock, since SSL 3.0 has been largely superseded by a newer encryption protocol called TLS (Transport Layer Security), and since pulling off a POODLE attack requires the victim to be actively online and physically close to the attacker, say on the same public Wi-Fi.
Many TLS implementations provide backwards compatibility with SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience. The protocol handshake provides for authenticated version negotiation, so normally the latest protocol version common to the client and the server will be used. However, even if a client and server both support a version of TLS, the security level offered by SSL 3.0 is still relevant, since many clients implement a protocol downgrade to work around server-side interoperability bugs. Attackers can exploit this “downgrade dance” and break the cryptographic security of SSL 3.0. The POODLE attack will allow them, for example, to steal “secure” HTTP cookies (or other bearer tokens such as HTTP Authorization header contents).
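As an added example (not code from the original post), here is a minimal Python check an administrator can run against their own server to see whether it still negotiates SSL 3.0: it sends a raw SSL 3.0 ClientHello and classifies the first record that comes back. The single cipher suite offered, the fixed client random and the placeholder hostname are assumptions made for the example.

```python
import socket
import struct

SSL3_VERSION = 0x0300  # protocol version bytes for SSL 3.0


def build_ssl3_client_hello() -> bytes:
    """Build one record carrying an SSL 3.0 ClientHello that offers a single CBC suite."""
    cipher_suites = struct.pack("!H", 0x000A)  # TLS_RSA_WITH_3DES_EDE_CBC_SHA (assumed choice)
    body = (
        struct.pack("!H", SSL3_VERSION)             # client_version = SSL 3.0
        + b"\x00" * 32                              # client random (constructed, fixed zeros)
        + b"\x00"                                   # empty session id
        + struct.pack("!H", len(cipher_suites)) + cipher_suites
        + b"\x01\x00"                               # one compression method: null
    )
    # Handshake header: type 1 = ClientHello, followed by a 3-byte body length.
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # Record header: content type 0x16 = Handshake, record version, record length.
    return b"\x16" + struct.pack("!H", SSL3_VERSION) + struct.pack("!H", len(handshake)) + handshake


def classify_response(data: bytes) -> str:
    """Interpret the first record a server sends back: 'accepts_ssl3', 'refused' or 'unknown'."""
    if not data:
        return "refused"        # server closed the connection without answering
    if len(data) < 5:
        return "unknown"
    content_type = data[0]
    if content_type == 0x15:    # Alert record, e.g. protocol_version or handshake_failure
        return "refused"
    if content_type == 0x16 and len(data) >= 11 and data[5] == 0x02:  # Handshake / ServerHello
        negotiated = struct.unpack("!H", data[9:11])[0]   # server_version sits at record offset 9
        return "accepts_ssl3" if negotiated == SSL3_VERSION else "unknown"
    return "unknown"


def check_server(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Connect to host:port, offer SSL 3.0 only, and report how the server reacts."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_ssl3_client_hello())
        try:
            data = sock.recv(4096)
        except ConnectionResetError:
            return "refused"    # a reset is the server's way of rejecting the offer
        except socket.timeout:
            return "unknown"
    return classify_response(data)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # placeholder host
    print(f"{target}: {check_server(target)}")
```

A result of `accepts_ssl3` means the server should have SSL 3.0 disabled in its TLS configuration, as the vendors above recommend.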
Read more technical details at https://www.openssl.org/~bodo/ssl-poodle.pdf.
The Aegify suite of tools – security, compliance and risk management – provides a rich set of solutions for identifying the vulnerabilities that continuously emerge and threaten businesses and individuals, ensuring that such risks are properly identified and addressed while remaining compliant with various regulatory requirements.
Aegify Security Posture Management, an innovative and completely cloud-based automated and integrated security monitoring and compliance assessment tool, helps enterprises take away the complexity of maintaining a secure posture and ensuring compliance. This tool simplifies the protection of their physical and virtual environment and IT infrastructure from security breaches by cyber attackers while also meeting regulatory requirements. Equipped with distinct features such as continuous security monitoring, a vulnerability management engine, physical and virtual network scans, interoperability, remediation and multi-layered vulnerability analysis, Aegify’s security solutions provide a complete end-to-end and comprehensive solution to identify security gaps and help enterprises apply related patches or use virtual patching.