[Ach] Fwd: [Bulletproof TLS] New POODLE attack on TLS discovered

L. Aaron Kaplan kaplan at cert.at
Mon Dec 8 22:28:49 CET 2014

Ivan just posted something interesting.

Begin forwarded message:

> From: Ivan Ristic <ivanr at webkreator.com>
> Subject: [Bulletproof TLS] New POODLE attack on TLS discovered
> Date: December 8, 2014 10:20:14 PM GMT+01:00
> Dear Aaron Kaplan,
> There's a new SSL/TLS problem being announced today and it's likely to
> affect some of the most popular web sites in the world, owing largely
> to the popularity of F5 load balancers and the fact that these devices
> are impacted. There are other devices known to be affected, and it's
> possible that the same flaw is present in some SSL/TLS stacks. We will
> learn more in the following days.
> If you want to stop reading here, take these steps: 1) check your web
> site using the SSL Labs test [1]; 2) if vulnerable, apply the patch
> provided by your vendor. As problems go, this one should be easy to fix.
> [1] SSL Labs Server Test
>    https://www.ssllabs.com/ssltest/
> ------------------------------------------------------------------------
> Bulletproof TLS is a periodic newsletter providing the latest news,
> summaries and commentaries on SSL/TLS and Internet PKI. It's designed as
> a complementary service to our book Bulletproof SSL and TLS:
>    https://www.feistyduck.com/books/bulletproof-ssl-and-tls/
> ------------------------------------------------------------------------
> Today's announcement is actually about the POODLE attack (disclosed two
> months ago, in October) repurposed to attack TLS. If you recall, SSL 3
> doesn't require its padding to be in any particular format (except for
> the last byte, the length), opening itself to attacks by active network
> attackers. However, even though TLS is very strict about how its padding
> is formatted, it turns out that some TLS implementations omit to check
> the padding structure after decryption. Such implementations are
> vulnerable to the POODLE attack even with TLS.
> The impact of this problem is similar to that of POODLE, with the attack
> being slightly easier to execute: no need to downgrade modern clients
> down to SSL 3 first, TLS 1.2 will do just fine. The main targets are
> browsers, because the attacker must inject malicious JavaScript to
> initiate the attack. A successful attack will use about 256 requests to
> uncover one cookie character, or only 4096 requests for a 16-character
> cookie. This makes the attack quite practical.
> According to our most recent SSL Pulse scan (which hasn't been published
> yet), about 10% of the servers are vulnerable to the POODLE attack
> against TLS.
> I'll keep my blog post updated as new information is available:
>    http://blog.ivanristic.com/2014/12/poodle-bites-tls.html

// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - http://www.cert.at/
// An initiative of nic.at GmbH - http://www.nic.at/
// Commercial register number 172568b, LG Salzburg
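The forwarded newsletter's technical point is that TLS 1.x CBC padding has a fixed structure (every padding byte, including the final length byte, carries the padding length) and that a stack which only reads the final byte after decryption behaves like SSL 3 and is exposed to POODLE. The following is an added example, written for this post and not taken from the newsletter, from SSL Labs or from any vendor's code. It works on the already-decrypted MAC-then-pad plaintext of a record (encryption is left out, since the check in question happens after decryption), and the key, payload and function names are constructed for illustration. It shows a lax, last-byte-only padding strip beside the strict TLS check, and that a record whose padding bytes are damaged but whose length byte still looks plausible is accepted by the former and rejected by the latter.

```python
"""Added example (not from the newsletter): strict vs. lax TLS CBC padding validation
on decrypted MAC-then-pad record plaintext. Key and payload below are constructed."""
import hashlib
import hmac
from typing import Dict, Optional

BLOCK_SIZE = 16          # AES block size used by TLS CBC cipher suites
MAC_LEN = 32             # HMAC-SHA256 output length
SAMPLE_MAC_KEY = b"constructed-mac-key-for-example-only"      # constructed
SAMPLE_PAYLOAD = b"GET / HTTP/1.1\r\nCookie: session=abc\r\n\r\n"  # constructed


def build_record(payload: bytes, mac_key: bytes) -> bytes:
    """MAC-then-pad layout: payload || HMAC || padding || padding_length.

    Every padding byte and the final length byte hold the value padding_length;
    the length byte itself is not counted in padding_length (RFC 5246 6.2.3.2).
    """
    mac = hmac.new(mac_key, payload, hashlib.sha256).digest()
    body = payload + mac
    pad_len = (-(len(body) + 1)) % BLOCK_SIZE   # minimal padding to a block boundary
    return body + bytes([pad_len]) * (pad_len + 1)


def strip_padding_lax(plaintext: bytes) -> Optional[bytes]:
    """SSL 3 style: trust the final byte as the padding length, inspect nothing else."""
    if not plaintext:
        return None
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return None
    return plaintext[: len(plaintext) - pad_len - 1]


def strip_padding_strict(plaintext: bytes) -> Optional[bytes]:
    """TLS 1.0-1.2 rule: all pad_len + 1 trailing bytes must equal pad_len."""
    if not plaintext:
        return None
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return None
    expected = bytes([pad_len]) * (pad_len + 1)
    # Compare the whole padding region, not just the final byte; compare_digest
    # avoids returning early on the first mismatching byte.
    if not hmac.compare_digest(plaintext[-(pad_len + 1):], expected):
        return None
    return plaintext[: len(plaintext) - pad_len - 1]


def open_record(plaintext: bytes, mac_key: bytes, strict: bool) -> Optional[bytes]:
    """Remove padding (strict or lax), then verify the MAC; None means reject."""
    body = strip_padding_strict(plaintext) if strict else strip_padding_lax(plaintext)
    if body is None or len(body) < MAC_LEN:
        return None
    payload, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = hmac.new(mac_key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None
    return payload


def corrupt_padding_bytes(plaintext: bytes) -> bytes:
    """Constructed test input: overwrite every padding byte except the final length byte.

    Payload and MAC are untouched, so only the padding structure is malformed.
    """
    pad_len = plaintext[-1]
    if pad_len == 0:
        raise ValueError("record has no padding bytes other than the length byte")
    head = plaintext[: len(plaintext) - pad_len - 1]
    return head + bytes([(pad_len + 1) & 0xFF]) * pad_len + bytes([pad_len])


def compare_checks(payload: bytes = SAMPLE_PAYLOAD,
                   mac_key: bytes = SAMPLE_MAC_KEY) -> Dict[str, bool]:
    """Report whether each validation style accepts a good and a damaged record."""
    good = build_record(payload, mac_key)
    damaged = corrupt_padding_bytes(good)
    return {
        "good_lax": open_record(good, mac_key, strict=False) == payload,
        "good_strict": open_record(good, mac_key, strict=True) == payload,
        "damaged_lax": open_record(damaged, mac_key, strict=False) == payload,
        "damaged_strict": open_record(damaged, mac_key, strict=True) == payload,
    }


if __name__ == "__main__":
    for name, accepted in compare_checks().items():
        print(f"{name:15s} accepted={accepted}")
```

Running it shows `damaged_lax` accepted and `damaged_strict` rejected: the lax path never looks at the padding bytes, which is exactly the gap the newsletter describes. Two caveats for anyone using this as a reference: the strict check here still branches on the length byte before the comparison, and a production stack must also make padding and MAC failures indistinguishable in timing (the Lucky 13 concern), which this illustration does not attempt; and the practical check for a deployed server remains the SSL Labs test linked above, followed by the vendor patch.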
