Poodle attack of SSL 3.0?

Posted 3/25/2015 7:07 AM
#98338
User avatar

Denny Member

Date Joined Nov 2016
Total Posts: 2
Hi,
I heard about the poodle attack of SSL 3.0, what does it mean? How to avoid it?
Posted 3/26/2015 3:12 AM
#98339
User avatar

Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 422
Hi Denny,

A POODLE attack is an exploit that takes advantage of the way some browsers deal with encryption. POODLE (Padding Oracle On Downgraded Legacy Encryption) is the name of the vulnerability that enables the exploit.

POODLE can be used to target browser-based communication that relies on the Secure Sockets Layer (SSL) 3.0 protocol for encryption and authentication. The Transport Layer Security (TLS) protocol has largely replaced SSL for secure communication on the Internet, but many browsers will revert to SSL 3.0 when a TLS connection is unavailable. An attacker who wants to exploit POODLE takes advantage of this by inserting himself into the communication session and forcing the browser to use SSL 3.0.

Unfortunately this vulnerability is caused by a flawed design and the only solution is to stop using SSL 3.0.
Robert Mateescu
Senior Support Technician EN
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security

You have a BullGuard related problem? Contact our Support team directly via Live Chat for immediate assistance: https://www.bullguard.com/support.aspx!
Posted 4/2/2015 9:44 AM
#98801
User avatar

Denny Member

Date Joined Nov 2016
Total Posts: 2
Hi Robert,
Thanks to give the information on DDoS attack.

I also read, on this March, there is a new SSL/TLS vulnerability called the FREAK attack. It permits an attacker to interrupt HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data.
Posted 4/3/2015 11:12 PM
#98809
User avatar

Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 422
Hi Denny,

The security flaw that made FREAK attacks possible has been patched last month by all major software publishers.
You can read more about it here and here.

Best wishes!
Robert Mateescu
Senior Support Technician EN
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security

You have a BullGuard related problem? Contact our Support team directly via Live Chat for immediate assistance: https://www.bullguard.com/support.aspx!
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Monday, September 21, 2020, 2:42 PM (GMT +2)
There are a total of 61,828 posts in 13,648 threads.
In the last 3 days there were 1 new threads and 1 reply posts.

Who's online

This forum has 38,580 registered members. Please welcome our newest member, CJT1963.
There are currently no users on-line.
×

Just a minute

Privacy has never been so important.

Nearly 50% of online users are now using a VPN to protect their privacy.

Find out why

…and if it grabs you bag yourself a VPN bargain.

We use cookies to ensure that we give you the best experience on our website. By continuing to browse, we are assuming that you have no objection in accepting cookies. You can change your cookie settings at any time.