[Nottingham] Oodles of poodles make your noodle go cock-a-doodle

Mike Cardwell nlug at lists.grepular.com
Wed Oct 15 09:50:52 UTC 2014


* on the Wed, Oct 15, 2014 at 10:29:29AM +0100, Michael Simms wrote:

> To be honest, this is pretty much a non-event in terms of an attack.

I think you're understating the problem. If I'm a MITM on your network
and you log in to, for example, https://www.gmail.com/, and then you visit
http://unrelated.unencrypted.website.example.com/ using the same
browser, I can use that unencrypted request as a side channel, and
inject some code into the response which will steal your session cookie
from the encrypted site, giving me access to your GMail account.
Replace "GMail" with "any HTTPS site" if you like, e.g. your bank's.

This relies on both the browser and the server having support for
SSLv3.

People running web servers can fix this problem by disabling SSLv3. A
side effect of doing that is that IE6 can no longer talk to your web
server. But anyone running IE6 on the open Internet nowadays is already
compromised and you should not want their traffic anyway.

The next version of Firefox is disabling SSLv3, and Chrome will also be
disabling it in a few weeks' time as well.

Mike

> Sure, IF someone can cause a network disruption they can force a 
> renegotiation. They need access to your data stream to do it though.
> 
> However, IF they have access to your data stream, they can just rewrite 
> the first packet in the SSL Client Hello to report that the client is 
> SSLV3 anyway, and the server will automatically downgrade to SSLV3 to 
> match. When the server responds with its Server Hello as SSLV3, then the 
> client will then think the server is only capable of it, and will also 
> downgrade to match. Job done, equivalent attack completed, and with much 
> less hassle than the scenario painted by this attack.
> 
> This has been known about forever, it's part of the protocol, and 
> required for backwards compatibility, but the requirement of a man in 
> the middle means it's still pretty unlikely.
> 
> On 10/15/2014 09:48 AM, Jason Irwin wrote:
> > http://www.theregister.co.uk/2014/10/14/google_drops_ssl_30_poodle_vulnerability/
> > 
> > Long story short, browsers can be forced to downgrade to SSL3 and then
> > packets sniffed, exploits performed.
> > 
> > Quick solution: Drop support for SSL3.
> > 
-- 
Mike Cardwell  https://grepular.com https://emailprivacytester.com
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78 3EF1 46B4
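
Added example, not part of the message above or of the list archive: one way to confirm that a web server has SSLv3 disabled is to look at the first record it returns to a ClientHello that offers only SSLv3. The sketch assumes you already have those reply bytes from a capture; the function names and sample records are constructed for illustration.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def classify_server_reply(data: bytes) -> str:
    """Classify the first record a server sends back after a ClientHello."""
    if len(data) < 5:
        return "truncated"
    # Record header: content type(1), record version(2), length(2).
    ctype, _rec_version, rec_len = struct.unpack("!BHH", data[:5])
    body = data[5:5 + rec_len]
    if len(body) < rec_len:
        return "truncated"
    if ctype == 21:                      # alert record: handshake refused
        return "refused (alert)"
    if ctype != 22 or len(body) < 6 or body[0] != 2:
        return "not a ServerHello"
    # Handshake header is type(1) + length(3); server_version(2) follows.
    (negotiated,) = struct.unpack("!H", body[4:6])
    name = VERSIONS.get(negotiated, "0x%04x" % negotiated)
    if negotiated == 0x0300:
        return "SSLv3 still enabled: server negotiated " + name
    return "ok: server negotiated " + name

def _server_hello(version: int) -> bytes:
    """Build a constructed ServerHello record (sample data, not a capture)."""
    # server_version, 32-byte random, empty session id, cipher suite, compression
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, version, len(handshake)) + handshake

# Constructed sample replies, labelled by what the server did.
SAMPLE_SSLV3 = _server_hello(0x0300)
SAMPLE_TLS12 = _server_hello(0x0303)
SAMPLE_ALERT = struct.pack("!BHH", 21, 0x0300, 2) + b"\x02\x28"  # fatal handshake_failure

if __name__ == "__main__":
    for label, rec in [("sslv3", SAMPLE_SSLV3), ("tls1.2", SAMPLE_TLS12),
                       ("alert", SAMPLE_ALERT)]:
        print(label, "->", classify_server_reply(rec))
```

A server with SSLv3 disabled should answer an SSLv3-only ClientHello with an alert or by closing the connection, never with a ServerHello carrying version 0x0300.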