SafeLogic Blog

Putting a Muzzle on POODLE

Written by Ray Potter | Oct 15, 2014 8:24:51 PM

You may have seen the news about POODLE recently.  The good news is that it's not as severe as Heartbleed, which affected server-side SSL implementations and had repercussions across most web traffic. The bad news is that it's still seriously nasty.

POODLE is an acronym for Padding Oracle On Downgraded Legacy Encryption and essentially allows an attacker to decrypt SSL v3.0 browser sessions. This man-in-the-middle attack has one major constraint: the attacker has to be on the same wireless network.

That renders POODLE irrelevant because everyone locks down their wireless networks, right? Oh yeah, except those customer-friendly coffee shops with public wifi. In places like Palo Alto, you can bet there is a *lot* of interesting information going over the air there. Or at conferences, where diligent employees handle pressing business and aggressive stock traders log in to their account to buy the stock of the keynote speaker (or short it if his presentation lacks luster).  The threat is real - session hijacking and identity theft are just the tip of the iceberg.

It's worth noting that this is a protocol-specific vulnerability and not tied to vendor implementation (such as Heartbleed with OpenSSL and the default Dual_EC_DRBG fiasco with RSA). That makes it a mixed bag. The issue affects a wide variety of browsers and servers (Twitter, for example, scrambled to disable SSLv3 altogether), but users do have some control.  This is because SSLv3 can also be disabled in the client within some browser configurations, so check your current settings for vulnerability at PoodleTest.com and install any patches when available for your browser.

Some browser vendors have already made moves to patch against this threat and permanently disable SSLv3.  Meanwhile, others have dubbed server-side vulnerability "Poodlebleed" and offer a diagnostic tool to assess connectivity.

From a government and compliance perspective, Federal agencies should be using TLS 1.1 according to Special Publication 800-52 Rev 1. TLS 1.1 is not susceptible to POODLE. FIPS 140 validations and SafeLogic customers are not affected.

If you're interested in a deep dive, I recommend this fantastic technical post by Daniel Franke, which also provides a great history of SSL and its challenges.