Fwd: Bulletproof TLS Newsletter: POODLE attack on SSL 3

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Fwd: Bulletproof TLS Newsletter: POODLE attack on SSL 3

stevepiercy
I get this newsletter because I signed up for the excellent free
ebook, "OpenSSL Cookbook".
https://www.feistyduck.com/books/openssl-cookbook/

The author publishes frequent updates, saving me a lot of
Googling for authoritative information.

--steve


====== Forwarded Message ======
Date: 10/16/14 7:57 PM
Received: 10/16/14 2:57 PM -0400
From: [hidden email] (Ivan Ristic)

After days of persistent rumours, a serious SSL 3 vulnerability was
announced late on October 14th [1]. The so-called POODLE attack exploits
the CBC padding as implemented in SSL 3 to retrieve fragments of
encrypted information (e.g., cookies). The attack scenario is complex:
the attacker must execute an active network attack that is a combination
of network-level manipulation and malicious JavaScript executing
in the
victim's browser. But, if those two preconditions are met, the attack
itself is relatively straightforward. If you're interested in the
details, the original announcement comes with a short paper, but
I also
recommend Adam Langley's blog post [2].

We haven't seen a proof of concept yet, but given that the
attack is not
overly complex, it's reasonable to expect that someone will
write it
sooner or later.

The good news is that this problem affects only SSL 3, but the
bad news
is that it's still possible to downgrade modern browsers from whatever
best version they support all the way down to the vulnerable protocol.
(I discuss this in the "Protocol Downgrade Attacks" section in Chapter
6 of Bulletproof SSL and TLS.)

There are two things you should do: 1) disable SSL 3 in your browser
and 2) if at all possible disable SSL 3 in your servers. Please refer
to my blog post for a longer discussion [3]. Scott Helme has a detailed
blog post with step-by-step instructions for popular browsers and
servers [4].

On the SSL Labs side [5], we released three new features
yesterday to
address POODLE: 1) warnings for vulnerable servers, 2) detection
of the
support for TLS_FALLBACK_SCSV (you'll read more about it in my
blog or,
better, in my book) and 3) adding detection of SSL 3 support to the
client test.


[1] This POODLE bites: exploiting the SSL 3.0 fallback
     http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploiting-ssl-30.html

[2] POODLE attacks on SSLv3
     https://www.imperialviolet.org/2014/10/14/poodle.html

[3] SSL 3 is dead, killed by the POODLE attack
     http://blog.ivanristic.com/2014/10/ssl3-is-dead-killed-by-poodle.html

[4] SSL v3 goes to the dogs - POODLE kills off protocol
     https://scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-kills-off-protocol

[5] SSL Labs
     https://www.ssllabs.com

------------------------------------------------------------------------
Thanks,
Ivan

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Steve Piercy              Website Builder              Soquel, CA
<[hidden email]>               <http://www.StevePiercy.com/>


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Bulletproof TLS Newsletter: POODLE attack on SSL 3

Bil Corry-3
I know Ivan quite well - he knows his stuff.  Highly recommend his book on
TLS:

https://www.feistyduck.com/books/bulletproof-ssl-and-tls/

If you had followed his advice, you wouldn't be susceptible to POODLE as he
recommended to disable SSL 3.

- Bil

On Thu, Oct 16, 2014 at 10:54 PM, Steve Piercy - Website Builder <
[hidden email]> wrote:

> I get this newsletter because I signed up for the excellent free ebook,
> "OpenSSL Cookbook".
> https://www.feistyduck.com/books/openssl-cookbook/
>
> The author publishes frequent updates, saving me a lot of Googling for
> authoritative information.
>
> --steve
>
>
> ====== Forwarded Message ======
> Date: 10/16/14 7:57 PM
> Received: 10/16/14 2:57 PM -0400
> From: [hidden email] (Ivan Ristic)
>
> After days of persistent rumours, a serious SSL 3 vulnerability was
> announced late on October 14th [1]. The so-called POODLE attack exploits
> the CBC padding as implemented in SSL 3 to retrieve fragments of
> encrypted information (e.g., cookies). The attack scenario is complex:
> the attacker must execute an active network attack that is a combination
> of network-level manipulation and malicious JavaScript executing in the
> victim's browser. But, if those two preconditions are met, the attack
> itself is relatively straightforward. If you're interested in the
> details, the original announcement comes with a short paper, but I also
> recommend Adam Langley's blog post [2].
>
> We haven't seen a proof of concept yet, but given that the attack is not
> overly complex, it's reasonable to expect that someone will write it
> sooner or later.
>
> The good news is that this problem affects only SSL 3, but the bad news
> is that it's still possible to downgrade modern browsers from whatever
> best version they support all the way down to the vulnerable protocol.
> (I discuss this in the "Protocol Downgrade Attacks" section in Chapter
> 6 of Bulletproof SSL and TLS.)
>
> There are two things you should do: 1) disable SSL 3 in your browser
> and 2) if at all possible disable SSL 3 in your servers. Please refer
> to my blog post for a longer discussion [3]. Scott Helme has a detailed
> blog post with step-by-step instructions for popular browsers and
> servers [4].
>
> On the SSL Labs side [5], we released three new features yesterday to
> address POODLE: 1) warnings for vulnerable servers, 2) detection of the
> support for TLS_FALLBACK_SCSV (you'll read more about it in my blog or,
> better, in my book) and 3) adding detection of SSL 3 support to the
> client test.
>
>
> [1] This POODLE bites: exploiting the SSL 3.0 fallback
>     http://googleonlinesecurity.blogspot.co.uk/2014/10/this-
> poodle-bites-exploiting-ssl-30.html
>
> [2] POODLE attacks on SSLv3
>     https://www.imperialviolet.org/2014/10/14/poodle.html
>
> [3] SSL 3 is dead, killed by the POODLE attack
>     http://blog.ivanristic.com/2014/10/ssl3-is-dead-killed-by-poodle.html
>
> [4] SSL v3 goes to the dogs - POODLE kills off protocol
>     https://scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-
> kills-off-protocol
>
> [5] SSL Labs
>     https://www.ssllabs.com
>
> ------------------------------------------------------------------------
> Thanks,
> Ivan
>
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> Steve Piercy              Website Builder              Soquel, CA
> <[hidden email]>               <http://www.StevePiercy.com/>
>
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>
>

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Bulletproof TLS Newsletter: POODLE attack on SSL 3

stevepiercy
In addition to following Bil Corry, I follow Hynek Schlawack,
who presented an excellent PyCon talk earlier this year when
Heartbleed was getting a lot of attention, as well as several of
the people he mentions at the end of his article.
https://hynek.me/talks/tls/

--steve


On 10/17/14 at 12:14 PM, [hidden email] (Bil Corry) pronounced:

>I know Ivan quite well - he knows his stuff.  Highly recommend his book on
>TLS:
>
>https://www.feistyduck.com/books/bulletproof-ssl-and-tls/
>
>If you had followed his advice, you wouldn't be susceptible to POODLE as he
>recommended to disable SSL 3.
>
>- Bil
>
>On Thu, Oct 16, 2014 at 10:54 PM, Steve Piercy - Website Builder <
>[hidden email]> wrote:
>
>>I get this newsletter because I signed up for the excellent free ebook,
>>"OpenSSL Cookbook".
>>https://www.feistyduck.com/books/openssl-cookbook/
>>
>>The author publishes frequent updates, saving me a lot of Googling for
>>authoritative information.
>>
>>--steve
>>
>>
>>====== Forwarded Message ======
>>Date: 10/16/14 7:57 PM
>>Received: 10/16/14 2:57 PM -0400
>>From: [hidden email] (Ivan Ristic)
>>
>>After days of persistent rumours, a serious SSL 3 vulnerability was
>>announced late on October 14th [1]. The so-called POODLE attack exploits
>>the CBC padding as implemented in SSL 3 to retrieve fragments of
>>encrypted information (e.g., cookies). The attack scenario is complex:
>>the attacker must execute an active network attack that is a combination
>>of network-level manipulation and malicious JavaScript executing in the
>>victim's browser. But, if those two preconditions are met, the attack
>>itself is relatively straightforward. If you're interested in the
>>details, the original announcement comes with a short paper, but I also
>>recommend Adam Langley's blog post [2].
>>
>>We haven't seen a proof of concept yet, but given that the attack is not
>>overly complex, it's reasonable to expect that someone will write it
>>sooner or later.
>>
>>The good news is that this problem affects only SSL 3, but the bad news
>>is that it's still possible to downgrade modern browsers from whatever
>>best version they support all the way down to the vulnerable protocol.
>>(I discuss this in the "Protocol Downgrade Attacks" section in Chapter
>>6 of Bulletproof SSL and TLS.)
>>
>>There are two things you should do: 1) disable SSL 3 in your browser
>>and 2) if at all possible disable SSL 3 in your servers. Please refer
>>to my blog post for a longer discussion [3]. Scott Helme has a detailed
>>blog post with step-by-step instructions for popular browsers and
>>servers [4].
>>
>>On the SSL Labs side [5], we released three new features yesterday to
>>address POODLE: 1) warnings for vulnerable servers, 2) detection of the
>>support for TLS_FALLBACK_SCSV (you'll read more about it in my blog or,
>>better, in my book) and 3) adding detection of SSL 3 support to the
>>client test.
>>
>>
>>[1] This POODLE bites: exploiting the SSL 3.0 fallback
>>http://googleonlinesecurity.blogspot.co.uk/2014/10/this-
>>poodle-bites-exploiting-ssl-30.html
>>
>>[2] POODLE attacks on SSLv3
>>https://www.imperialviolet.org/2014/10/14/poodle.html
>>
>>[3] SSL 3 is dead, killed by the POODLE attack
>>http://blog.ivanristic.com/2014/10/ssl3-is-dead-killed-by-poodle.html
>>
>>[4] SSL v3 goes to the dogs - POODLE kills off protocol
>>https://scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-
>>kills-off-protocol
>>
>>[5] SSL Labs
>>https://www.ssllabs.com
>>
>>------------------------------------------------------------------------
>>Thanks,
>>Ivan
>>
>>-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
>>Steve Piercy              Website Builder              Soquel, CA
>><[hidden email]>               <http://www.StevePiercy.com/>
>>
>>
>>#############################################################
>>
>>This message is sent to you because you are subscribed to
>>the mailing list Lasso [hidden email]
>>Official list archives available at http://www.lassotalk.com
>>To unsubscribe, E-mail to: <[hidden email]>
>>Send administrative queries to  <[hidden email]>
>>
>
>#############################################################
>
>This message is sent to you because you are subscribed to
>the mailing list Lasso [hidden email]
>Official list archives available at http://www.lassotalk.com
>To unsubscribe, E-mail to: <[hidden email]>
>Send administrative queries to  <[hidden email]>

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Steve Piercy              Website Builder              Soquel, CA
<[hidden email]>               <http://www.StevePiercy.com/>


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>