Poodle – CVE-2014-3566

Time for the next big security flaw! This time Google's Security Team has discovered a vulnerability in SSL 3.0, and the list of targets is huge. All implementations of SSL 3.0 are vulnerable to attack, and the recommendation is to disable SSL 3.0 as soon as possible. (As a matter of fact, SSL 3.0 is over 15 years old and, for obvious reasons, already outdated. But it's still widely used for compatibility reasons.)

But there are a number of factors that make an attack less likely. For example, the attacker needs a "man-in-the-middle" position to exploit it, in most cases Java has to be enabled on the client side, and if someone does attack you they can take control of your sessions, but not steal your password.

A test to see if your browser is vulnerable can be done here: https://www.poodletest.com/
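On the server side, one way to confirm that SSL 3.0 really is disabled is to look at the protocol version a server picks in its ServerHello, for example in a packet capture. The following Python is an added example, not code from the original post; the function names and the sample bytes are constructed for illustration.

```python
import struct

HANDSHAKE = 0x16      # TLS/SSL record content type: handshake
SERVER_HELLO = 0x02   # handshake message type: ServerHello

# Wire values of the two-byte protocol version field.
VERSIONS = {
    0x0300: "SSL 3.0",
    0x0301: "TLS 1.0",
    0x0302: "TLS 1.1",
    0x0303: "TLS 1.2+",   # TLS 1.3 also puts 0x0303 in this legacy field
}


def negotiated_version(record: bytes) -> int:
    """Return server_version from a record that starts with a ServerHello.

    Raises ValueError on truncated input or any other record/message type.
    """
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _record_version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) < rec_len or len(body) < 6:
        raise ValueError("truncated handshake message")
    if body[0] != SERVER_HELLO:
        raise ValueError("not a ServerHello")
    # body[1:4] is the 24-bit handshake length; server_version follows it.
    (version,) = struct.unpack("!H", body[4:6])
    return version


def audit(record: bytes) -> str:
    """Classify one captured ServerHello for an SSL 3.0 phase-out check."""
    version = negotiated_version(record)
    name = VERSIONS.get(version, "unknown 0x%04x" % version)
    verdict = "FAIL" if version == 0x0300 else "ok"
    return "%s: server negotiated %s" % (verdict, name)


def sample_hello(version: int) -> bytes:
    """Constructed sample: zeroed random, empty session id, suite 0x002f."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = bytes([SERVER_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", HANDSHAKE, version, len(handshake)) + handshake


if __name__ == "__main__":
    for v in (0x0300, 0x0303):
        print(audit(sample_hello(v)))
```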

More info:

http://googleonlinesecurity.blogspot.se/2014/10/this-poodle-bites-exploiting-ssl-30.html

https://technet.microsoft.com/en-us/library/security/3009008.aspx

http://blog.erratasec.com/2014/10/some-poodle-notes.html#.VD4xhPl_u-4
