Get your Halloween Treats

Poodle attack of SSL 3.0?

Posted 3/25/2015 7:07 AM
#98338
User avatar

Denny Member

Date Joined Nov 2016
Total Posts: 2
Hi,
I heard about the poodle attack of SSL 3.0, what does it mean? How to avoid it?
Posted 3/26/2015 3:12 AM
#98339
User avatar

Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 422
Hi Denny,

A POODLE attack is an exploit that takes advantage of the way some browsers deal with encryption. POODLE (Padding Oracle On Downgraded Legacy Encryption) is the name of the vulnerability that enables the exploit.

POODLE can be used to target browser-based communication that relies on the Secure Sockets Layer (SSL) 3.0 protocol for encryption and authentication. The Transport Layer Security (TLS) protocol has largely replaced SSL for secure communication on the Internet, but many browsers will revert to SSL 3.0 when a TLS connection is unavailable. An attacker who wants to exploit POODLE takes advantage of this by inserting himself into the communication session and forcing the browser to use SSL 3.0.

Unfortunately this vulnerability is caused by a flawed design and the only solution is to stop using SSL 3.0.
Robert Mateescu
Senior Support Technician EN
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security

You have a BullGuard related problem? Contact our Support team directly via Live Chat for immediate assistance: https://www.bullguard.com/support.aspx!
Posted 4/2/2015 9:44 AM
#98801
User avatar

Denny Member

Date Joined Nov 2016
Total Posts: 2
Hi Robert,
Thanks to give the information on DDoS attack.

I also read, on this March, there is a new SSL/TLS vulnerability called the FREAK attack. It permits an attacker to interrupt HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data.
Posted 4/3/2015 11:12 PM
#98809
User avatar

Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 422
Hi Denny,

The security flaw that made FREAK attacks possible has been patched last month by all major software publishers.
You can read more about it here and here.

Best wishes!
Robert Mateescu
Senior Support Technician EN
[url]support@bullguard.com[/url]
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security

You have a BullGuard related problem? Contact our Support team directly via Live Chat for immediate assistance: https://www.bullguard.com/support.aspx!
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Thursday, October 21, 2021, 8:10 PM (GMT +2)
There are a total of 61,936 posts in 13,682 threads.
In the last 3 days there were 0 new threads and 1 reply posts.

Who's online

This forum has 38,652 registered members. Please welcome our newest member, rb_coding.
715 Guest(s), 0 Registered Member(s) are currently online.
×

Just a minute

Privacy has never been so important.

Nearly 50% of online users are now using a VPN to protect their privacy.

Find out why

…and if it grabs you bag yourself a VPN bargain.