NNSquad - Network Neutrality Squad
[ NNSquad ] This POODLE bites: exploiting the SSL 3.0 fallback
This POODLE bites: exploiting the SSL 3.0 fallback
(Google): http://googleonlinesecurity.blogspot.com.au/2014/10/this-poodle-bites-exploiting-ssl-30.html
"Today we are publishing details of a vulnerability in the design of
SSL version 3.0. This vulnerability allows the plaintext of secure
connections to be calculated by a network attacker. I discovered this
issue in collaboration with Thai Duong and Krzysztof Kotowicz (also
Googlers). SSL 3.0 is nearly 15 years old, but support for it remains
widespread. Most importantly, nearly all browsers support it and, in
order to work around bugs in HTTPS servers, browsers will retry failed
connections with older protocol versions, including SSL 3.0. Because a
network attacker can cause connection failures, they can trigger the
use of SSL 3.0 and then exploit this issue."
- - -
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Member: ACM Committee on Computers and Public Policy
I am a consultant to Google -- I speak only for myself, not for them.
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad
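The retry behaviour described in the quoted announcement shows up on the wire as one client offering the same server successively older protocol versions until it offers SSL 3.0. The Python below is an added example, not part of the original post or of Google's write-up: it reads the client_version field from constructed ClientHello records and flags that pattern. The addresses, the event tuple layout and the function names are assumptions made for illustration.

```python
import struct

SSL3 = (3, 0)
NAMES = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def client_hello_version(record: bytes):
    """Return the (major, minor) client_version of a ClientHello record, else None."""
    if len(record) < 11:
        return None
    ctype, _maj, _min, _length = struct.unpack("!BBBH", record[:5])
    if ctype != 0x16 or record[5] != 0x01:   # not a handshake record / not a ClientHello
        return None
    return record[9], record[10]             # field follows the 4-byte handshake header

def make_hello(major: int, minor: int) -> bytes:
    """Constructed minimal ClientHello used as sample input."""
    body = (bytes([major, minor]) + bytes(32)   # client_version, 32-byte random
            + b"\x00"                           # empty session id
            + b"\x00\x02\x00\x2f"               # one cipher suite
            + b"\x01\x00")                      # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x00" + len(handshake).to_bytes(2, "big") + handshake

def find_fallbacks(events):
    """events: time-ordered (client, server, first_record). Flag SSL 3.0 offers
    from a client that earlier offered the same server a newer version."""
    best, alerts = {}, []
    for client, server, record in events:
        ver = client_hello_version(record)
        if ver is None:
            continue
        prev = best.get((client, server))
        if ver == SSL3 and prev is not None and prev > SSL3:
            alerts.append((client, server, NAMES.get(prev, str(prev))))
        if prev is None or ver > prev:
            best[(client, server)] = ver
    return alerts

# Constructed sample traffic (documentation address ranges, not real hosts).
EVENTS = [("192.0.2.10", "198.51.100.5", make_hello(3, v)) for v in (3, 2, 1, 0)]
EVENTS.append(("192.0.2.77", "198.51.100.5", make_hello(3, 0)))  # SSL 3.0 only, no retry
EVENTS.append(("192.0.2.10", "198.51.100.5", b"\x17\x03\x03\x00\x01\x00"))  # not a hello

if __name__ == "__main__":
    for client, server, prev in find_fallbacks(EVENTS):
        print(f"{client} -> {server}: offered {prev} earlier, now SSL 3.0")
```

A client that only ever offers SSL 3.0 is not flagged here, because the check looks for the retry sequence rather than for SSL 3.0 use as such.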