Announcement: The POODLE threat requires prompt attention

2014/10/22

This has been a difficult year for Internet security. There have been a large number of data breaches, especially of point-of-sale systems. In addition, there was the Heartbleed vulnerability, which threatened SSL on Linux servers, and ransomware that holds data hostage for extortion.

What will the next one be? Would you believe the POODLE attack?

On October 14, 2014, Google researchers disclosed the ‘POODLE’ vulnerability, which allows an attacker to decrypt encrypted connections to sites that use the SSL 3.0 protocol. Disabling SSL 3.0 on a site mitigates this problem.

The POODLE threat is quite different from the Heartbleed vulnerability. Heartbleed allows hackers to bypass encryption: they get the “keys to the kingdom” and can read your private and important communications. Comodo recommends that you take prompt action to protect against the POODLE vulnerability.

What is the POODLE attack?

POODLE is an attack specific to SSL 3.0. It allows a hacker who has set up a “man-in-the-middle” server to recover encrypted data in most cases. The most likely attack vector is a hacker obtaining session cookies.

The “café” attack is an example of a man-in-the-middle attack. In this scenario, the hacker sets up a computer in a café to broadcast a wireless network signal that looks the same as the café's. Victims inadvertently connect to the attacker’s wireless network instead of the café's, and all of their Internet traffic becomes available for the hacker to intercept and record. If the connection is encrypted, this type of attack is usually stopped. With the POODLE vulnerability, however, session data encrypted with SSL 3.0 can, in theory, be decrypted.

Most sites have replaced SSL 3.0 with the more secure TLS protocol, but the problem arises when the browser and client downgrade the connection, so the SSL 3.0 protocol vulnerability is still present. Mozilla and Google have acted quickly to disable this behavior in the latest versions of their Firefox and Chrome browsers. Site owners can also “force” the issue by disabling SSL 3.0 on the server side, which prevents any browser from using it.

Understanding the impact of the POODLE attack

The POODLE attack does not affect your Comodo certificate, and you do not need to replace or reissue certificates.

The vulnerability is in the SSL 3.0 protocol. In most of today’s secure connections, SSL 3.0 has been replaced by the TLS protocol. According to research by Mozilla and the University of Michigan, SSL 3.0 accounts for only 0.3% of all secure transactions.

The “real-world” scope of the vulnerability is limited by the need to establish a “man-in-the-middle” attack.

If your site depends on SSL 3.0 in any way, we recommend that you disable it immediately. Disabling SSL 3.0 support, or no longer using CBC-mode ciphers with SSL 3.0, is sufficient to mitigate the problem.

How do I know if my website is affected?

Enter your URL at https://sslanalyzer.comodoca.com. A site that uses SSL 3.0 will be shown as “vulnerable to attack POODLE”.

How do I solve this problem?

To mitigate this problem, Comodo recommends that web server operators disable SSL 3.0. Google also recommends that browsers and web servers use TLS_FALLBACK_SCSV, the Transport Layer Security Signaling Cipher Suite Value that prevents protocol downgrade. If your site is affected, or you think it may be affected, please immediately contact your web host provider, your network operator, or the supplier of your SSL server equipment.

Shortly after this attack was revealed, many major Internet companies dropped support for SSL 3.0, including Google Chrome, Mozilla Firefox, Twitter, CloudFlare, and so on.

Comodo will begin implementing TLS_FALLBACK_SCSV, and SSLv3 support will then be removed from our servers as soon as possible.
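As an added example (not Comodo's code), the following Python audit reports whether a server configuration still enables SSL 3.0. The directive names `SSLProtocol` (Apache mod_ssl) and `ssl_protocols` (nginx) do not appear in this advisory, the sample configuration lines are constructed, and treating Apache's `all` as including SSLv3 is an assumption that matches servers of this period.

```python
import re

# Assumption: on servers of this period, Apache's "all" includes SSLv3.
APACHE_ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}

def apache_protocols(args):
    """Evaluate SSLProtocol arguments left to right, as mod_ssl does."""
    enabled = set()
    for tok in args.split():
        action = tok[0] if tok[0] in "+-" else ""
        name = tok.lstrip("+-").lower()
        group = set(APACHE_ALL) if name == "all" else {name}
        if action == "-":
            enabled -= group
        elif action == "+":
            enabled |= group
        else:
            enabled = group  # an unprefixed name replaces what came before
    return enabled

def nginx_protocols(args):
    """ssl_protocols is a plain list of the enabled versions."""
    return {p.lower() for p in args.rstrip("; ").split()}

def audit(config_text):
    """Return (line_number, directive, sslv3_enabled) per protocol directive."""
    findings = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # ignore comments
        m = re.match(r"(SSLProtocol|ssl_protocols)\s+(.+)", line, re.I)
        if not m:
            continue
        directive, args = m.group(1), m.group(2)
        parse = apache_protocols if directive.lower() == "sslprotocol" else nginx_protocols
        findings.append((n, directive, "sslv3" in parse(args)))
    return findings

# Constructed sample configuration lines, not taken from any real server.
SAMPLE = """\
SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # SSLv3 removed
# SSLProtocol all
"""

if __name__ == "__main__":
    for n, directive, weak in audit(SAMPLE):
        print(f"line {n}: {directive}: {'SSLv3 ENABLED' if weak else 'ok'}")
```

A configuration with no protocol directive at all produces no findings, because the server's built-in default then applies and has to be checked separately.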

What happens to my web server if I disable SSL 3.0?

Internet Explorer 6 as distributed for Windows XP is probably the most significant browser that still “depends” on SSL 3.0. More precisely, IE6 supports TLS, but it is disabled by default, which means that the average user will continue to use SSL 3.0 unless they go into the browser settings and enable TLS. Disabling SSL 3.0 means that most XP / IE 6.0 users will not be able to establish a secure session with your site.

However, Windows XP and IE 6.0 have not been supported by Microsoft for several years, so users of this software are urged to upgrade as soon as possible. Comodo strongly recommends that website operators who disable SSL 3.0 actively encourage visitors using older browsers to upgrade.

If you would like further advice on POODLE, we recommend that you contact your web host's support.

Further Reading

http://googleonlinesecurity.blogspot.nl/2014/10/this-poodle-bites-exploiting-ssl-30.html

https://www.imperialviolet.org/2014/10/14/poodle.html

http://blog.erratasec.com/2014/10/some-poodle-notes.html

https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
