POODLE like it’s 1999

Clock Icon 2 min read

1999 was a pretty interesting year for the Internet and security. To jog your memory, here are just a few of the major events from the ultimate (or penultimate, depending on your point of view) year of the last millennium.

  • The Melissa Virus was infecting millions of hosts using malicious e-mails.
  • Both Napster and MySpace made their first public appearances.
  • Internet Explorer 5.0 was released for Windows 3.1, 95 and 98.
  • The TLSv1 specification was published to replace SSLv3 to improve security of Internet communications.

In the 15 years since TLS was introduced it has been widely adopted, but in many ways SSLv3 has hung on. The two specifications are very similar, but not interoperable and applications that implement TLS are often capable of falling back to SSL to support legacy servers. Cryptologists have slowly chipped away at the security of SSL over the last decade, discovering ways to reveal larger and larger pieces of information from encrypted sessions.

This week three Google researchers announced the latest attack on SSLv3 (named POODLE), which may prove to be the deathblow for this protocol. The POODLE (Padding Oracle On Downgraded Legacy Encryption) attack allows an attacker who is already in the network path between the client and server to decrypt portions of the SSL session, including HTTP cookie data used for authentication.

As all modern browsers and most servers support TLS, this attack should only apply to a small number of connections, but that is not the case. When most browsers fail to connect using TLS, they assume the server must be expecting SSL and downgrade their connections to the vulnerable protocol.  This means that even two TLS-capable systems can be forced into using SSLv3 by an attacker who controls the network path. That attacker can then decrypt parts of the encrypted channel without the server or client’s knowledge.

The only permanent fix for POODLE is disabling the SSLv3 protocol completely. This can be done either from the server side or the client side depending on the applications. To address this issue, our IPS team issued an emergency update this morning, which contains a signature that alerts on any SSLv3 connection.

Severity ID Attack Name CVE ID
low 36815 SSLv3 Found in Server Response CVE-2014-3566

Hits on this signature do not indicate an attack is underway, but any SSLv3 session should be considered vulnerable to POODLE and potentially compromised.

Enlarged Image