[Ach] Fwd: [Bulletproof TLS] New POODLE attack on TLS discovered

Reed Loden reed at reedloden.com
Mon Dec 8 23:06:20 CET 2014


He's referring to this post from AGL --
https://www.imperialviolet.org/2014/12/08/poodleagain.html

~reed

On Mon, Dec 8, 2014 at 1:28 PM, L. Aaron Kaplan <kaplan at cert.at> wrote:

>
> Ivan just posted something interesting.
>
> Begin forwarded message:
>
> > From: Ivan Ristic <ivanr at webkreator.com>
> > Subject: [Bulletproof TLS] New POODLE attack on TLS discovered
> > Date: December 8, 2014 10:20:14 PM GMT+01:00
> >
> > Dear Aaron Kaplan,
> >
> > There's a new SSL/TLS problem being announced today and it's likely to
> > affect some of the most popular web sites in the world, owing largely
> > to the popularity of F5 load balancers and the fact that these devices
> > are impacted. There are other devices known to be affected, and it's
> > possible that the same flaw is present in some SSL/TLS stacks. We will
> > learn more in the following days.
> >
> > If you want to stop reading here, take these steps: 1) check your web
> > site using the SSL Labs test [1]; 2) if vulnerable, apply the patch
> > provided by your vendor. As problems go, this one should be easy to fix.
> >
> > [1] SSL Labs Server Test
> >    https://www.ssllabs.com/ssltest/
> >
> > ------------------------------------------------------------------------
> >
> > Bulletproof TLS is a periodic newsletter providing the latest news,
> > summaries and commentaries on SSL/TLS and Internet PKI. It's designed as
> > a complementary service to our book Bulletproof SSL and TLS:
> >
> >    https://www.feistyduck.com/books/bulletproof-ssl-and-tls/
> >
> > ------------------------------------------------------------------------
> >
> > Today's announcement is actually about the POODLE attack (disclosed two
> > months ago, in October) repurposed to attack TLS. If you recall, SSL 3
> > doesn't require its padding to be in any particular format (except for
> > the last byte, the length), opening itself to attacks by active network
> > attackers. However, even though TLS is very strict about how its padding
> > is formatted, it turns out that some TLS implementations omit to check
> > the padding structure after decryption. Such implementations are
> > vulnerable to the POODLE attack even with TLS.
> >
> > The impact of this problem is similar to that of POODLE, with the attack
> > being slightly easier to execute: no need to downgrade modern clients
> > down to SSL 3 first, TLS 1.2 will do just fine. The main targets are
> > browsers, because the attacker must inject malicious JavaScript to
> > initiate the attack. A successful attack will use about 256 requests to
> > uncover one cookie character, or only 4096 requests for a 16-character
> > cookie. This makes the attack quite practical.
> >
> > According to our most recent SSL Pulse scan (which hasn't been published
> > yet), about 10% of the servers are vulnerable to the POODLE attack
> > against TLS.
> >
> > I'll keep my blog post updated as new information is available:
> >
> >    http://blog.ivanristic.com/2014/12/poodle-bites-tls.html
> >
>
> ---
> // L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
> // CERT Austria - http://www.cert.at/
> // An initiative of nic.at GmbH - http://www.nic.at/
> // Company register number 172568b, Regional Court Salzburg
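The padding check described in the forwarded newsletter, as an added example that is not part of the original thread or any vendor's code: it contrasts an SSL 3 style check (length byte only) with the full TLS check on decrypted CBC plaintext. The function names, the 20-byte MAC length and the sample records are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* SSL 3 rule: only the final length byte is checked; the padding bytes
 * before it may hold anything. Returns 1 if the record is accepted. */
int ssl3_style_padding_ok(const uint8_t *rec, size_t len, size_t block, size_t mac_len)
{
    if (len == 0) return 0;
    size_t pad = rec[len - 1];
    return pad < block && pad + 1 + mac_len <= len;
}

/* TLS rule: the last pad+1 bytes must all equal pad. The loop has no
 * early exit, so the position of a mismatch does not change its length. */
int tls_padding_ok(const uint8_t *rec, size_t len, size_t mac_len)
{
    if (len == 0) return 0;
    size_t pad = rec[len - 1];
    size_t window = len < 256 ? len : 256;    /* padding is at most 256 bytes */
    unsigned bad = (pad + 1 + mac_len > len); /* padding must leave room for the MAC */
    for (size_t i = 0; i < window; i++) {
        unsigned in_pad = (i <= pad);         /* 1 for bytes inside the padding */
        bad |= in_pad * (unsigned)(rec[len - 1 - i] ^ (uint8_t)pad);
    }
    return bad == 0;
}

/* Constructed sample plaintexts (not captured traffic): 24 bytes standing
 * in for data plus MAC, then 8 bytes of padding with length byte 0x07. */
const uint8_t good_rec[32] = {
    0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41, 0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,
    0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41, 0x07,0x07,0x07,0x07,0x07,0x07,0x07,0x07 };
/* Same record, but the padding bytes before the length byte are arbitrary. */
const uint8_t bad_rec[32] = {
    0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41, 0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,
    0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41, 0xEE,0xEE,0xEE,0xEE,0xEE,0xEE,0xEE,0x07 };

int main(void)
{
    printf("well-formed padding: ssl3-style=%d tls=%d\n",
           ssl3_style_padding_ok(good_rec, 32, 16, 20), tls_padding_ok(good_rec, 32, 20));
    printf("arbitrary padding:   ssl3-style=%d tls=%d\n",
           ssl3_style_padding_ok(bad_rec, 32, 16, 20), tls_padding_ok(bad_rec, 32, 20));
    return 0;
}
```

A TLS stack that applies only the first check to TLS records accepts the second record, which is the omission the newsletter describes.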