Author Topic: SSL broken, again, in POODLE attack  (Read 15387 times)

app103

SSL broken, again, in POODLE attack
« on: October 15, 2014, 05:30 PM »
From the researchers that brought you BEAST and CRIME comes another attack against Secure Sockets Layer (SSL), one of the protocols that's used to secure Internet traffic from eavesdroppers both government and criminal.

Calling the new attack POODLE—that's "Padding Oracle On Downgraded Legacy Encryption"—the attack allows a man-in-the-middle, such as a malicious Wi-Fi hotspot or a compromised ISP, to extract data from secure HTTP connections. This in turn could let that attacker do things such as access online banking or e-mail systems. The flaw was documented by Bodo Möller, Thai Duong, and Krzysztof Kotowicz, all of whom work at Google. Thai Duong, working with Juliano Rizzo, described the similar BEAST attack in 2011 and the CRIME attack in 2012.

The attack depends on the fact that most Web servers and Web browsers allow the use of the ancient SSL version 3 protocol to secure their communications. Although SSL has been superseded by Transport Layer Security, it's still widely supported on both servers and clients alike and is still required for compatibility with Internet Explorer 6. SSLv3, unlike TLS 1.0 or newer, omits validation of certain pieces of data that accompany each message. Attackers can use this weakness to decipher an individual byte at a time of the encrypted data, and in so doing, extract the plain text of the message byte by byte.

As with previous attacks of this kind against SSL, the most vulnerable application is HTTP. An example attack scenario would work something like this. An adversary (typically in cryptography literature known as Mallory) sets up a malicious Wi-Fi hotspot. That Wi-Fi hotspot does two things. On non-secure HTTP connections, it injects a piece of JavaScript. And on secure HTTP connections, it intercepts the outgoing messages and reorganizes them.
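
What "omits validation" means for CBC padding, shown as an added example that is not part of the quoted article or the original post: in SSLv3 only the final padding-length byte is defined and the padding is not covered by the MAC, while TLS 1.0 and newer require every padding byte to equal that length. The function names, the 8-byte block size and the sample record body are constructed for illustration.

```python
# Added illustration (not from the article): CBC padding checks applied to an
# already-decrypted record. No cipher, key or network code is involved.

BLOCK = 8  # assumed block size in bytes (e.g. a 64-bit block cipher)

# Constructed sample: 16 bytes of request data plus a 20-byte placeholder MAC.
BODY = b"GET / HTTP/1.1\r\n" + b"\x00" * 20


def pad(body, filler=None, block=BLOCK):
    """Append padding and the trailing length byte (hypothetical helper).

    filler=None writes TLS-style padding (each byte equals the length byte);
    any other value writes arbitrary filler, which SSLv3 permits.
    """
    pad_len = -(len(body) + 1) % block
    fill = pad_len if filler is None else filler
    return body + bytes([fill]) * pad_len + bytes([pad_len])


def sslv3_padding_ok(plaintext, block=BLOCK):
    """SSLv3 rule: only the final length byte is constrained."""
    if not plaintext or len(plaintext) % block:
        return False
    # The padding bytes themselves are unspecified and sit outside the MAC,
    # so a receiver has nothing to compare them against.
    return plaintext[-1] < block


def tls_padding_ok(plaintext, block=BLOCK):
    """TLS 1.0+ rule: every padding byte must equal the length byte."""
    if not plaintext or len(plaintext) % block:
        return False
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return False
    return all(b == pad_len for b in plaintext[-(pad_len + 1):])


def compare(plaintext):
    """Return the verdict of both rule sets for one decrypted record."""
    return {"sslv3": sslv3_padding_ok(plaintext), "tls": tls_padding_ok(plaintext)}


if __name__ == "__main__":
    print("well-formed padding:", compare(pad(BODY)))
    print("altered padding    :", compare(pad(BODY, filler=0xAA)))
```

A record whose padding bytes were altered passes the SSLv3 rule and fails the TLS rule, which is why the remedy is to stop negotiating SSLv3 rather than to patch it.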


app103

Re: SSL broken, again, in POODLE attack
« Reply #1 on: October 15, 2014, 05:39 PM »
To fix your browser:


« Last Edit: October 15, 2014, 07:52 PM by app103 »

Edvard

Re: SSL broken, again, in POODLE attack
« Reply #2 on: October 15, 2014, 06:15 PM »
Damn.
Since my main box blew up, I have had to use a spare computer with dismal graphics and no way to remedy.  Opera is the only browser that 'behaves' on this box.  Damn.
 :(

app103

Re: SSL broken, again, in POODLE attack
« Reply #3 on: October 15, 2014, 06:29 PM »
Damn.
Since my main box blew up, I have had to use a spare computer with dismal graphics and no way to remedy.  Opera is the only browser that 'behaves' on this box.  Damn.
 :(

Windows box? If so, try K-Meleon. If it ran well on my ancient Pentium I with 64mb RAM and the 2mb onboard S3 Trio graphics, it should run well on just about anything better.  ;)

NigelH

Re: SSL broken, again, in POODLE attack
« Reply #4 on: October 15, 2014, 06:31 PM »
To fix your browser:
    ...
    • Opera: You are screwed too.
Perhaps for Chrome-based Opera?

But for Opera 12.17 or earlier, disabling  "Enable SSL 3"  in Preferences/Advanced/Security/Security Protocols should work.

If not, then it's time to switch permanently to a 2nd rate browser.

PS: Thanks for the Pale Moon tip

ewemoa

Re: SSL broken, again, in POODLE attack
« Reply #5 on: October 15, 2014, 06:38 PM »
Thanks for the heads up and browser fix suggestions, app103  :Thmbsup:

TaoPhoenix

Re: SSL broken, again, in POODLE attack
« Reply #6 on: October 15, 2014, 06:59 PM »
To fix your browser:
  • Safari users on OSX & iOS: You are pretty much screwed till Apple fixes it for you. Use a different browser.

How do people use different browsers in iOS effectively?

The huge reason I never considered my phone (iPhone) to be a real comp is that while it can do a few fun useful things, it just doesn't do anything that I consider really useful / work.

So I am only a novice at phones, but I've tried to barely keep up on the news. So Apple has made it rather hard to use other browsers than Safari on an iPhone. And despite how ugly Flash is, it does run a few things. So I squeaked by, and got a copy of Photon on my iPhone, that does some sort of "process and pass on" version of Flash.

So, there. That's a different browser. But is it susceptible to this new attack? I have no idea and no idea how to find out. I'm a great test case because I'm sorta smart, and I have first level questions, but these new stories are coming too fast and thick for me to make out.


Edvard

Re: SSL broken, again, in POODLE attack
« Reply #7 on: October 15, 2014, 07:02 PM »
...
Windows box? If so, ...

Aw, c'mon App, you should know me better by now  :P
I'm 100% Linux and have been for a while.  I think I have XP in a virtual machine around here somewhere...

BTW, the computer I'm on at the moment is a Dell SC1425 server.  Radeon Mobility graphics and one expansion slot which is PCI-X.  

Funny thing, I just fired up Firefox, and while scrolling up and down a page lags like swimming in peanut butter, the Mozilla Bundle game previews play just fine...
 :o

...
Perhaps for Chrome-based Opera?

But for Opera 12.17 or earlier, disabling  "Enable SSL 3"  in Preferences/Advanced/Security/Security Protocols should work.

If not, then it's time to switch permanently to a 2nd rate browser.

PS: Thanks for the Pale Moon tip

Cool tip Nigel!  For now, Opera 12.17 is the only one available for Linux, so I'll try that out.
 :Thmbsup:

NigelH

Re: SSL broken, again, in POODLE attack
« Reply #8 on: October 15, 2014, 07:11 PM »
Test your browser
https://www.ssllabs.com/

(confirms Opera 12.17 suggestion works).


app103

Re: SSL broken, again, in POODLE attack
« Reply #9 on: October 15, 2014, 07:19 PM »
My first hint about this issue was when my IRC client disconnected from Slack very early this morning and wouldn't reconnect. I thought the issue was on my end, rebooted twice, went googling the error messages I was getting, etc. But it turned out that Slack turned off SSLv3 as soon as they found out about this, and my IRC client didn't support TLS, so I had to go find a version of Xchat that does and doesn't crash when I lose my internet connection. That was a big chunk out of my day today.  :(

Renegade

Re: SSL broken, again, in POODLE attack
« Reply #10 on: October 15, 2014, 07:26 PM »
Wow. This is nasty!

https://scotthelme.c...-kills-off-protocol/

As the POODLE vulnerability is actually in the protocol itself, this isn't something that can be patched out like ShellShock and HeartBleed.

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Renegade

Re: SSL broken, again, in POODLE attack
« Reply #11 on: October 15, 2014, 07:44 PM »
  • Opera: You are screwed too.

Solved! (solution found here)

1) Find your proper Opera executable folder, e.g. C:\Program Files (x86)\Opera\25.0.1614.50_0
    It is NOT in C:\Program Files (x86)\Opera\
2) Run opera.exe --ssl-version-min=tls1
3) SSL is now turned off. Check it for the vulnerability at the link NigelH posted above.

Screenshot - 2014_10_16 , 11_42_32 AM.png


app103

Re: SSL broken, again, in POODLE attack
« Reply #12 on: October 15, 2014, 07:50 PM »
  • Opera: You are screwed too.

Solved! (solution found here)

1) Find your proper Opera executable folder, e.g. C:\Program Files (x86)\Opera\25.0.1614.50_0
    It is NOT in C:\Program Files (x86)\Opera\
2) Run opera.exe --ssl-version-min=tls1
3) SSL is now turned off. Check it for the vulnerability at the link NigelH posted above.
 (see attachment in previous post)


And just like the Chrome fix, you will have to put it in the shortcut you use to launch it, because it has to be done every time you start the browser. It's not a one time fix & forget.

Renegade

Re: SSL broken, again, in POODLE attack
« Reply #13 on: October 15, 2014, 08:10 PM »
And just like the Chrome fix, you will have to put it in the shortcut you use to launch it, because it has to be done every time you start the browser. It's not a one time fix & forget.

Whoops. Yes. Good point. You need to create a shortcut for it. A crappy fix, but better than nothing.

app103

Re: SSL broken, again, in POODLE attack
« Reply #14 on: October 15, 2014, 08:13 PM »
And just like the Chrome fix, you will have to put it in the shortcut you use to launch it, because it has to be done every time you start the browser. It's not a one time fix & forget.

Whoops. Yes. Good point. You need to create a shortcut for it. A crappy fix, but better than nothing.

Also watch out for external links from other apps opening in Opera or Chrome, as they will not launch your browser with the command line parameter.

ewemoa

Re: SSL broken, again, in POODLE attack
« Reply #15 on: October 15, 2014, 08:20 PM »
Test your browser
https://www.ssllabs.com/

Nice -- thanks for this.

mouser

Re: SSL broken, again, in POODLE attack
« Reply #16 on: October 15, 2014, 08:57 PM »
Thanks for the heads up  :up:

wraith808

Re: SSL broken, again, in POODLE attack
« Reply #17 on: October 15, 2014, 10:42 PM »
From my understanding, it's only SSLv3... right?  Which shouldn't really be in use?

https://securityblog...ility-cve-2014-3566/

app103

Re: SSL broken, again, in POODLE attack
« Reply #18 on: October 15, 2014, 10:50 PM »
From my understanding, it's only SSLv3... right?  Which shouldn't really be in use?

https://securityblog...ility-cve-2014-3566/

Well, v2 shouldn't be in use, either.