0092 - 313-4567341
 info@magentogems.com

SSL3 “POODLE” Vulnerability

  Zahid Mughal   Nov 26, 2014   Blog   0 Comment

poodle

Description

POODLE which stands for “Padding Oracle On Downgraded Legacy Encryption”, describes a security vulnerability in the SSL Version 3 cryptogram used by older Internet browsers. If you’re not a developer, SSL is what your web browser uses to securely send data to web servers when you’re entering information like credit cards. When you see the green HTTPS appear in Chrome, you’re communicating via SSL.
The POODLE vulnerability was identified and released in September 2014 by the Google Security Team.It is an attack on the SSL 3.0 protocol and it is a protocol flaw, not an implementation issue; every implementation of SSL 3.0 suffers from it.

Attack Scenario

The attack requires to be able to inject data of their own, and to intercept the encrypted bytes. The only plausible context where such a thing happens is a Web browser. In that case, Poodle is, like BEAST and CRIME, an attack on the client, not on the server.

What we need to secure our application from this vulnerability?

Your vendor publishes security fixes; install them. Install the patches. All the patches. Do that. For Poodle and for all other vulnerabilities. You cannot afford not to install them, and that is not new. You should already be doing that.

About Zahid Mughal

Founded by Zahid Mughal in Lahore, Pakistan, MagentoGems Providing Freelancing Services to Pakistan Software Houses and International Clients (USA, UK, Australia, India, Canada) in Web Design, Web Development, Mobile Applications, Search Engine Optimization (SEO), Graphic Design and Content Writing. Our core function is to meet the needs of our clients and provide them with services of the highest quality. To offer our clients the best websites in the market, we adhere to all the set W3C international standards. These standards ensure that our clients’ sites are compatible to various browsers and smart phone applications including the iPhones.

Post a Comment

Your email address will not be published. Required fields are marked *

*

Magentogems
Delta Road, Sharif Colony Gujranwala, 52250 +92-313-4567341
Read previous post:
MagentoGems Launch WordPress Plugin

MagentoGems has start launching plugins and Extensions for Wordpress and Magento. Our first plugin is "MG Web Speed Optimizer". Desctiption:...

Close