Update 13 last update about Noodle attacks and what you should know for now

official reference http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 here all the necessary official updates will be collected and published, this is the official reference for all technical information or the links to them for more information. For the moment there is NO information but normally that should change in the following hours (showing another effect of the going-alone attitude of Google in this)

this is an older version of ssl but when a browser can't connect to the newer versions he falls back on this one which is already 15 years old and if you remember how malware and exploitcode writing has developed over the last 15 years than you will understand that such old code will be prone to all kinds of vulnerabilities

so as long as browsers make it impossible to be (forced to) use this older and totally insecure protocol than we have now other solution than to patch and patch and patch

when will the IT industry learn that someday we will have to throw definitely some code away and oblige people to upgrade or just say that it doesn't work anymore point final.

well this is what Google has decided to do today - but I am not so sure that they have coordinated enough with the rest of the industry who doesn't seem so ready as in past discoveries which needed a vertical upgrade across the board of software and hardware.

For the technical people, this is the issue (in normal terms : the encryption is too weak so it can be broken and if the encryption can be broken everything can be read and that includes authentification like passwords)

"With block ciphers, we have a second problem: What if the block to be encrypted is too short? In this case, padding is used to make up for the missing data. Since the padding isn't really considered part of the message, it is not covered by the MAC (message authorization code) that verified message integrity.  So what does this mean in real live? The impact is similar to the BEAST attack. An attacker may either play MitM, or may be able to decrypt parts of a message if the attacker is able to inject data into the connection just like in the BEAST attack. The attack allows one to decrypt one byte at a time, if the attacker is able to inject messages right after that byte that include only padding https://isc.sans.edu

"Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.
Google Chrome and our servers have supported TLS_FALLBACK_SCSV since February and thus we have good evidence that it can be used without compatibility problems. Additionally, Google Chrome will begin testing changes today that disable the fallback to SSL 3.0. This change will break some sites and those sites will need to be updated quickly
http://googleonlinesecurity.blogspot.be/2014/10/this-poodle-bites-exploiting-ssl-30.html  (see more information later in this post)

"Security experts said that hackers could steal browser "cookies" in "Poodle" attacks, potentially taking control of email, banking and social networking accounts

In fact it is easier to do than the Beast attack and is in fact the practical realisation of some other theoretical attacks against the oldest versions of SSL which seem to take too many resources in the newer versions of SSL

"This attack, called POODLE, is similar to the BEAST attack and also allows a network attacker to extract the plaintext of targeted parts of an SSL connection, usually cookie data. Unlike the BEAST attack, it doesn't require such extensive control of the format of the plaintext and thus is more practical.

Fundamentally, the design flaw in SSL/TLS that allows this is the same as with Lucky13 and Vaudenay's two attacks: SSL got encryption and authentication the wrong way around – it authenticates before encrypting.


" This code sends several requests to a target HTTPS website, where cookies are sent automatically if a previous authenticated session exists. This is a required condition in order to exploit this vulnerability. The attacker could then intercept this HTTPS traffic, and by exploiting a weakness in the CBC block cypher in SSL 3.0, could decrypt portions of the encrypted traffic (e.g. authentication cookies).

So this means that when one authentificaties in for example Facebook and keeps it 'ALIVE' and then surfs to a vulnerable server that attacks the PC and than gets back to Facebook than the attack can start. So by NOT implementing KEEP ALIVE cookies. For this to work the attacker needs to send hundreds of transactions of handshakes but that the user won't see, things will maybe slow down but he will think that there are some problems on the server (even with a fake error message on his screen)

they can do this with a middle in the man attack on the network or on the PC (while you connect to the internet or the PC)

"Jeff Moss, a cyber adviser to the U.S. Department of Homeland Security, said attackers would need to launch a "man-in-the-middle" attack, placing themselves between victims and websites using approaches such as creating rogue WiFi "hotspots" in Internet cafes.

Mozilla plans to disable SSL 3.0 by default in the next version of its Firefox browser, to be released on Nov. 25. (http://mzl.la/1DaxOwY).

"SSL version 3.0 is no longer secure," Mozilla said on its blog. "Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible."

Microsoft Corp issued an advisory suggesting that customers disable SSL 3.0 on Windows for servers and PCs.

Representatives with Apple Inc could not be reached. An Oracle Corp spokeswoman had no immediate comment.

and how widespread can these attacks become ?

"a non-trivial number of SSLv3 servers still exist and workarounds for the bugs mean that an attacker can convince a browser to use SSLv3 even when both the browser and server support a more recent version. Thus, this attack is widely applicable.

will this update also give a solution to all the different attacks against online (Financial) service that make use of the fallback mechanism in which the browser (without even informing the users) is forced back to an unsecure older version of a 'secure' protocol so that the attacker can use proven code and methods to get the authentification détails before they are encrypted ?  It says it does (it has to pass the hackers and securityresearchers test although)

"fallback behaviour is bad news. In fact, Bodo and I have a draft out for a mechanism to add a second, less bug-rusted mechanism to prevent it called TLS_FALLBACK_SCSV. Chrome and Google have implemented it since February this year and so connections from Chrome to Google are already protected. We are urging server operators and other browsers to implement it too. It doesn't just protect against this specific attack, it solves the fallback problem in general. For example, it stops attackers from downgrading TLS 1.2 to 1.1 and 1.0 and thus removing modern, AEAD ciphers from a connection. (Remember, everything less than TLS 1.2 with an AEAD mode is cryptographically broken.) There should soon be an updated OpenSSL version that supports it.

this oversight for now

Microsoft : publishes information how to stop ssl fallback behaviour

   In Internet Explorer you have to disable sslv3 support manually (or with a networkscript) even in version 11

   Disable SSL 3.0 and enable TLS 1.0, TLS 1.1, and TLS 1.2 in Internet Explorer

You can disable the SSL 3.0 protocol that is affected by this vulnerability. You can do this by modifying the Advanced Security settings in Internet Explorer.

To change the default protocol version to be used for HTTPS requests, perform the following steps:

  1. On the Internet Explorer Tools menu, click Internet Options.
  2. In the Internet Options dialog box, click the Advanced tab.
  3. In the Security category, uncheck Use SSL 3.0 and check Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2 (if available).
  4. Click OK.
  5. Exit and restart Internet Explorer.

but  Internet Explorer 6 is broken but why the hell are you still using a version that is so buggy it can be hacked in over a minute

Microsoft users should also connect reguarly to those two resources to secure their computer or to download free securitytools and upgrade their Windows (even if they are pirated they will get security updates)

  • Protect your PC

    We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates and installing antivirus software. For more information, see Microsoft Safety & Security Center.

  • Keep Microsoft Software Updated

    Users running Microsoft software should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Microsoft Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have automatic updating enabled and configured to provide updates for Microsoft products, the updates are delivered to you when they are released, but you should verify that they are installed.

Apple : No news

Oracle : No news

Google : only Chrome to Google services are secured, don't use another server, the rest will take MONTHS. ".
In the coming months, we hope to remove support for SSL 3.0 completely from our client products" (see Googleblog)

Servers on Opensll : No fallback patch yet

Firefox : you have to wait untill the update of the 25th of NOVEMBER  (yeah)

For the moment the Internet Storm center has tested the following

You can test if your browser is vulnerable on this site https://www.poodletest.com/

Unofficial patches to install

For Chrome

"I've just landed a patch on Chrome trunk that disables fallback to SSLv3 for all servers. This change will break things and so we don't feel that we can jump it straight to Chrome's stable channel. But we do hope to get it there within weeks and so buggy servers that currently function only because of SSLv3 fallback will need to be updated.

Chrome users that just want to get rid of SSLv3 can use the command line flag --ssl-version-min=tls1 to do so. (We used to have an entry in the preferences for that but people thought that “SSL 3.0” was a higher version than “TLS 1.0” and would mistakenly disable the latter.)

For firefox

In Firefox you can go into about:config and set security.tls.version.min to 1. I expect that other browser vendors will publish similar instructions over the coming days.

For server owners  (you won't have any IE 6.0 traffic anymore)

As a server operator, it is possible to stop this attack by disabling SSLv3, or by disabling CBC-mode ciphers in SSLv3. However, the compatibility impact of this is unclear

You can publish a message if you see that they are coming to your site with that very old browser in which you publish a link to upgrade their browser or to change their browser to Firefox or Chrome.

You can test if your server is vulnerable here http://www.ssllabs.com (test a server)

another test you can do with an openssl client 

using the openssl client: (if it connects, it supports SSLv3)  penssl s_client -ssl3 -connect [your web server]:443 

For Microsoft network managers

Disable SSL 3.0 and enable TLS 1.0, TLS 1.1, and TLS 1.2 in Group Policy

You can disable the SSL 3.0 protocol that is affected by this vulnerability. You can do this by modifying the Turn Off Encryption Support Group Policy Object.

  1. Open Group Policy Management.
  2. Select the group policy object to modify, right click and select Edit.
  3. In the Group Policy Management Editor, browse to the following setting:

    Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Explorer Control Panel -> Advanced Page -> Turn Off Encryption Support

  4. Double-click the Turn off Encryption Support setting to edit the setting.
  5. Click Enabled.
  6. In the Options window, change the Secure Protocol combinations setting to "Use TLS 1.0, TLS 1.1, and TLS 1.2".
  7. Click OK.



servers who want to pass to RC4 will find themselves the victims of other attacks so this is NOT a solution, you should finally start implementing a real stable secure encryption environment and configure it as such with security in mind and not the least secure visitor you can have to your site who would jeopardize the security of your users in the same way EBOLA does with humans

Maybe it is time to give servers a certificate for the (in)security of their encryption and the way it is configured. Maybe it is time for proxy servers in networks to block access to totally insecure servers that we shouldn't let our users visit anymore for their own protection and that of our resources. That will make an impact on the server owners who will see much of their 'business traffic' fall and so become less interesting for advertisers (who could use the blocklists to see if that site is accessable to people with money (and that are people who work).

The comments are closed.