Slashdot Mirror


POODLE Flaw Returns, This Time Hitting TLS Protocol

angry tapir writes: If you patched your sites against a serious SSL flaw discovered in October you will have to check them again. Researchers have discovered that the POODLE vulnerability also affects implementations of the newer TLS protocol. The POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability allows attackers who manage to intercept traffic between a user's browser and an HTTPS website to decrypt sensitive information, like the user's authentication cookies.

54 comments

  1. Test your site with this by cyrus0101 · · Score: 5, Informative

    The article references the SSL Labs tool which includes the TLS POODLE test: https://www.ssllabs.com/ssltes...

    1. Re:Test your site with this by Architect_sasyr · · Score: 3, Insightful

      The SSL Labs are a fantastic reference.

      Turns out when I was using their guides and aiming for an A+ rating in October (not long after I took over the current post) I accidentally mitigated TLS POODLE before it even became publicly known. So.. whoops? Better not follow the best practices guides next time, better just patch the vulnerabilities as they come ;)

      --
      Me failed English...
      FreeBSD over Linux. If my comments seem odd, this may explain...
    2. Re:Test your site with this by oobayly · · Score: 1

      If you're using IIS 7.5/8 there's this script for securing* it. Though it may lock out XP users (which probably isn't a bad thing) due to disabling RC4.

      * You there in the back, stop laughing.

    3. Re:Test your site with this by Anonymous Coward · · Score: 0

      Was hoping this would be pointed to, for those not aware. Thank you!

    4. Re:Test your site with this by Anonymous Coward · · Score: 0

      If you're using IIS 7.5/8 there's this script [www.hass.de] for securing* it.

      Yes, but not for this specific issue.

      It would be nice to have a list of products that are affected by this issue, but this article (yes, I RTFA) doesn't mention whether most major platforms are vulnerable or not.

    5. Re:Test your site with this by Anonymous Coward · · Score: 0

      It's not platforms that are affected, it's ciphers. The question is what platforms can be configured for ciphers that are not affected by this issue.

    6. Re:Test your site with this by RyoShin · · Score: 2

      Thankfully, this looks to be an implementation issue and not a protocol issue like SSL had. From the blog of the folks who run that SSL test:

      As problems go, this one should be easy to fix. [...] [E]ven though TLS is very strict about how its padding is formatted, it turns out that some TLS implementations omit to check the padding structure after decryption. Such implementations are vulnerable to the POODLE attack even with TLS. [...] According to our most recent SSL Pulse scan (which hasn’t been published yet), about 10% of the servers are vulnerable to the POODLE attack against TLS.

  2. Re:After the jump BULLSHIT by Nyder · · Score: 3, Funny

    Don't you mean Dog shit instead of bullshit? After all, this is a POODLE vulnerability.

    --
    Be seeing you...
  3. Re:After the jump BULLSHIT by Anonymous Coward · · Score: 0

    https://www.imperialviolet.org/2014/12/08/poodleagain.html

  4. Re:After the jump BULLSHIT by Anonymous Coward · · Score: 0

    Just disable Javascript. No jumps (OK, sometimes no sites, but I just don't see what I don't see: the worst offenders get winnowed out for me, so to speak).

  5. Re:After the jump BULLSHIT by Anonymous Coward · · Score: 0

    No, I mean you're a pile of silly horse shit and whoever spent 2 points worth of karma on you is a frickin retard.

  6. Re:After the jump BULLSHIT by wonkey_monkey · · Score: 1

    GP asked for this:

    Can't anybody just post the damn direct link to the fucking advisory or source articles anymore.

    Disabling Javascript isn't going to help with that.

    --
    systemd is Roko's Basilisk.
  7. Re:After the jump BULLSHIT by Anonymous Coward · · Score: 0

    I consider these annoying Javascript sites to be part of the Dark Net. I simply don't see them.

  8. A question I hope someone can answer by Anonymous Coward · · Score: 0

    For those of us who are stuck using older browsers (FireFox v10 or IE6), even with SSL disabled and only TLS 1.0 enabled, will this be a problem?

    As I said, stuck. I won't appreciate replies saying to upgrade my browser.

    1. Re: A question I hope someone can answer by Anonymous Coward · · Score: 5, Insightful

      Have you considered upgrading your browser!

    2. Re:A question I hope someone can answer by Carewolf · · Score: 1

      For those of us who are stuck using older browsers (FireFox v10 or IE6), even with SSL disabled and only TLS 1.0 enabled, will this be a problem?

      As I said, stuck. I won't appreciate replies saying to upgrade my browser.

      Yes, in fact it is ONLY you who are affected. This was discovered in old versions of NSS, which means old Firefox and Chromium versions.

    3. Re:A question I hope someone can answer by Anonymous Coward · · Score: 1

      You should consider NCSA Mosaic. I can guarantee that it is not vulnerable to any flaws in SSL or TLS.

    4. Re:A question I hope someone can answer by tom17 · · Score: 1

      I don't know his exact situation, but it's possible that the company he works at has an app that only works with IE6. There used to be many apps like this.

      If this is such a case, the fuckwad is the company (for not hiring developers to upgrade the app) or the vendor that supplies the app without upgrading it (Maybe the company is still to blame for not moving to a more current product, or maybe there isn't one). Either way, the user that is forced to stick with the crappy browser is not necessarily the problem.

      Though he might be! :) - Rather than assuming and bashing, we should answer the question... Oh wait. Slashdot :)

    5. Re:A question I hope someone can answer by jafiwam · · Score: 1

      For those of us who are stuck using older browsers (FireFox v10 or IE6), even with SSL disabled and only TLS 1.0 enabled, will this be a problem?

      As I said, stuck. I won't appreciate replies saying to upgrade my browser.

      In IE 6.0, you can enable TLS 1.0. It is not on by default.

      It is deep in the "Internet Settings" in "Security". Scroll down the list and find where it mentions TLS.

      IE 6.0 does not do TLS 1.1 or later, so when TLS 1.0 gets shut off, you are done with it.

      I believe RC4 is only in SSL 3.0 so that being on or off doesn't matter.

      PS, most sites already have 3.0 off, so you may be in the clear already.

    6. Re:A question I hope someone can answer by lgw · · Score: 2

      don't know his exact situation, but it's possible that the company he works at has an app that only works with IE6. There used to be many apps like this.

      That's no excuse! IE6 belongs in a VM used only for internal sites and strictly firewalled off from the outside world. But even if you're stuck with IE6, at least run the latest FF or something beside it.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    7. Re:A question I hope someone can answer by tom17 · · Score: 1

      Unless your company/vendor forces you to use it externally, or will not provide said VM for internal sites.

      I'm not agreeing that it's OK to use such a browser, just saying that it's not necessarily the user's own fault. Companies can be idiots too when it comes to IT security.

    8. Re:A question I hope someone can answer by Anonymous Coward · · Score: 0

      My old windows 98/DOS gaming machine can't run a newer version of Firefox, so I'm stuck with version 2 or 3, or whatever it is. In fact, it was actually a bit of a challenge to find all the software versions I needed to run on an OS that old. CD Burning, movie playing, drivers, etc. It's like an IT archeological dig!

  9. Re:After the jump BULLSHIT by Anonymous Coward · · Score: 0

    > Disabling Javascript isn't going to help with that.

    Correct. But it helps with the jump. That some try (and partly succeed) in making /. into a clickbait farm is sad and not a technical problem.

  10. This is the God of Job by grcumb · · Score: 1, Funny

    If there were a just and caring God, he would never let geeks name things.

    POODLE?

    Jesus wept. Literally. He heard the name and wept tears.

    Geeks made baby Jesus cry.

    --
    Crumb's Corollary: Never bring a knife to a bun fight.
    1. Re:This is the God of Job by Anonymous Coward · · Score: 0

      Geeks aren't naming these vulns, thank sleazy marketing firms for this horrific trend

    2. Re:This is the God of Job by oldmac31310 · · Score: 1

      It is an acronym. Padding Oracle On Downgraded Legacy Encryption. Convenient, annoying, but not just randomly made up like so much other tech jargon.

      --
      http://www.acetonestudio.com
    3. Re:This is the God of Job by geminidomino · · Score: 1

      And if you don't think that's a backronym, I have some swampland in Florida to sell you.

  11. Question by Anonymous Coward · · Score: 0

    The impact of this problem is similar to that of POODLE, with the attack being slightly easier to execute–no need to downgrade modern clients down to SSL 3 first, TLS 1.2 will do just fine.

    This seems like a good moment to reiterate that everything less than TLS 1.2 with an AEAD cipher suite is cryptographically broken. An IETF draft to prohibit RC4 is in Last Call at the moment but it would be wrong to believe that RC4 is uniquely bad. While RC4 is fundamentally broken and no implementation can save it, attacks against MtE-CBC ciphers have repeatedly been shown to be far more practical. Thankfully, TLS 1.2 support is about to hit 50% at the time of writing.

    I am terribly confused. Is it or isn't it worth upgrading to TLS 1.2?

    I am stuck with TLS 1.0 on FireFox v10 ESR. Tried v24, and it's just ick with one of the bugs that I 'first' encountered with v17 with my "setup". "Up and down shaking" with my tab 'setup' if you're curious. I use two rows of tabs. And v31 is totally broken in a frustrating way. I may be able to manage v24 if I'm forced to, but I don't want to upgrade if I don't have to. (I wish Mozilla would just do security patches for all the ESRs. Not bug patches, but security patches. Wasn't that the point of having an ESR with which to begin?)

    tl;dr For those of us on TLS 1.0, do we need to do anything, or is it something only server/website admins need to do?

    1. Re:Question by Anonymous Coward · · Score: 0

      Have you considered pale moon or one of the other firefox rewrites?

    2. Re:Question by Anonymous Coward · · Score: 0

      No, not yet. Not sure if I will. See my other post here: http://it.slashdot.org/comments.pl?sid=6333555&cid=48554549

    3. Re:Question by Anonymous Coward · · Score: 0

      If the issue is that firefox's new UI melts your face when you open the box, that's what pale moon is intended to fix. Here, have a portable version http://www.palemoon.org/palemo...

      No idea if it will have the "shaking" problem with whatever plugin you've got for a multi-layered tab bar.

    4. Re:Question by Anonymous Coward · · Score: 0

      Not a plugin! The userchrome file

  12. Nothing to see here by Anonymous Coward · · Score: 0

    The CVE for this has already been rejected. There was an implementation problem on a specific piece of network equipment and not a general TLS implementation issue

    1. Re:Nothing to see here by jafiwam · · Score: 1

      The CVE for this has already been rejected. There was an implementation problem on a specific piece of network equipment and not a general TLS implementation issue

      Link?

    2. Re:Nothing to see here by DES · · Score: 1

      https://www.imperialviolet.org...

      This affects BigIP F5 and A10 load balancers which implement TLS incorrectly.

    3. Re:Nothing to see here by DES · · Score: 1

      This affects BigIP F5 and A10 load balancers which implement TLS incorrectly.

      Proper grouping: ((BigIP F5) and (A10)) (load balancers).

  13. He probably can't, especially Firefox. by Anonymous Coward · · Score: 0

    If he's running IE 6, upgrading may not be an option. He may need it for websites that will only work in it. Even if he does upgrade, he may only be able to upgrade to IE 8, which isn't much of an improvement.

    And he surely can't upgrade Firefox. Firefox has gotten progressively worse since Firefox 10. Firefox 29, for example, brings in the Australis UI which is absolutely unusable. Firefox 33.1 brings in "sponsored tiles" (in-browser advertisements). And those are just two among many fuck-ups that Mozilla has forced upon Firefox users.

    The Firefox situation is particularly sad. Mozilla has forced Firefox users to forgo security updates in order for these same users to retain a quasi-usable UI. I'm sure a lot of them would like to upgrade to get the security fixes. But it's hard to justify upgrading to avoid obscure security issues that will likely never be triggered, if it also means being constantly subjected to an unusable, broken UI from then on.

    1. Re:He probably can't, especially Firefox. by Anonymous Coward · · Score: 0

      Poster of http://it.slashdot.org/comments.pl?sid=6333555&cid=48553645 here

      I use IE6 for Yahoo! Mail. It doesn't look right when using in FireFox v10 with a faked IE6 user agent. I think the subjects of my e-mails were missing when viewing the inbox. With default user agent, it's that new ugly look. But I don't use IE6 much, and if I had to move away from TLS 1.0 on it (I have SSL 3 disabled on it), I could although it wouldn't be fun.

      I use FireFox v10 ESR from Portableapps. I recall trying v17, but there was a problem. I have a custom userchrome.css set up to give me two rows of tabs with each having 7 fixed-width tabs. Any more than 14 tabs open and I have to scroll down. The problem? "Shaking". I mouse over, or even close a tab, and it jerks up and down real quick, the tab bar. It's annoying. Very annoying. It's also annoying to have my icons, not sure the word, but the borders I think were gone, for like back, forward, stop, refresh, and home.

      I don't want to get into details, but with the work I do online, I use v10. It's comfortable. I don't need to be annoyed with annoying things while working. I'm technically self-employed by the way. The work I do is within FireFox itself... most of the time.

    2. Re: He probably can't, especially Firefox. by Anonymous Coward · · Score: 0

      Yahoo mail works fine in later versions of IE, and chrome.

  14. Re:After the jump BULLSHIT by Anonymous Coward · · Score: 0

    Static HTML with blink tags was good enough for my grandfather so it's good enough for me.

  15. Re:After the jump BULLSHIT by Anonymous Coward · · Score: 1

    Hi! You must be new here. The most points that were most likely spent on him is 1. You see, it's only ACs like us that read as 0 out the gate. For registered users they normally start out at 1... unless they have an "Excellent" karma rating, which means they've made a significant number of posts that have been modded up, then a registered user will start out of the gate at a 2 before any mods are made. Looking at Mr. Nyder's posting profile, this is not outside of the realm of possibility. So it's very possible that no one wasted any points of Karma...thus, you're the only frickin retard in the bloody room ya frickin Limey!

  16. Re:After the jump BULLSHIT by Columcille · · Score: 1

    You must be new here.

    --
    I love my sig.
  17. Re:After the jump BULLSHIT by Anonymous Coward · · Score: 2, Interesting

    Not to feed the trolls more but... did you know that if you are logged in you can click the comment score and SEE all the moderation on the comment?
    At the current time, the post in question started at 2 and has +1 Funny for a total of 3.

    If you are logged in, you can also change the weight of users to remove the karma bonus.

  18. Link to POODLE 2 discoverer by Anonymous Coward · · Score: 0

    Adam Langley of Google found the POODLE-with-TLS issue and started informing people:

    https://www.imperialviolet.org/2014/12/08/poodleagain.html

    Basically:

    The POODLE attack leverages some weaknesses in how SSL 3 did padding of its packets. There was no easy way to fix the protocol, so the recommended way to deal with it was to disable SSL 3. However it turns out that the padding function in TLS is a sub-set of SSL 3, so a lot of software simply re-uses it for both protocols. This allows the POODLE attack to be done against padding in TLS as well.

    The issue is that some of this software is common load balancer software, which sits in front of many things.
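
Added example, not part of the thread and not code from any TLS library: the padding check the comments above describe, with the SSL 3 rule (only the final length byte is checkable) next to the TLS rule (every padding byte must equal the length byte). The names, the SHA-1/AES sizes and the two sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAC_LEN 20   /* assumed MAC size (HMAC-SHA1) */
#define BLOCK   16   /* assumed cipher block size (AES) */

/* Constructed decrypted records: 4 content bytes, 20 stand-in MAC bytes,
 * 7 padding bytes, then the padding-length byte (7). */
#define HEAD 'd','a','t','a', \
    0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA, \
    0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA
static const uint8_t REC_TLS_PAD[32]   = { HEAD, 7,7,7,7,7,7,7, 7 };
static const uint8_t REC_LOOSE_PAD[32] = { HEAD, 0x13,0x37,0x00,0xFE,0x42,0x99,0x01, 7 };

/* SSL 3 rule: the padding bytes are arbitrary, so only the length byte can
 * be validated. Returns bytes to strip (padding + length byte), 0 on error. */
size_t ssl3_pad_check(const uint8_t *rec, size_t len)
{
    if (len < MAC_LEN + 1) return 0;
    size_t pad = rec[len - 1];
    if (pad + 1 > BLOCK || pad + 1 + MAC_LEN > len) return 0;
    return pad + 1;
}

/* TLS rule: all `pad` bytes before the length byte must equal `pad`.
 * The loop count depends only on the record length, not on the padding
 * value; real code must also keep the MAC check timing-independent. */
size_t tls_pad_check(const uint8_t *rec, size_t len)
{
    if (len < MAC_LEN + 1) return 0;
    uint8_t pad = rec[len - 1];
    size_t room = len - MAC_LEN - 1;        /* most padding that can fit */
    size_t scan = room < 255 ? room : 255;
    unsigned bad = (pad > room);            /* claimed length overruns record */
    for (size_t i = 0; i < scan; i++) {
        /* mask is 0xFF while i < pad and 0x00 afterwards */
        uint8_t mask = (uint8_t)(0 - (unsigned)(i < pad));
        bad |= mask & (rec[len - 2 - i] ^ pad);
    }
    return bad ? 0 : (size_t)pad + 1;
}

int main(void)
{
    printf("ssl3 rule, uniform padding:   %zu\n", ssl3_pad_check(REC_TLS_PAD, 32));
    printf("ssl3 rule, arbitrary padding: %zu\n", ssl3_pad_check(REC_LOOSE_PAD, 32));
    printf("tls rule,  uniform padding:   %zu\n", tls_pad_check(REC_TLS_PAD, 32));
    printf("tls rule,  arbitrary padding: %zu\n", tls_pad_check(REC_LOOSE_PAD, 32));
    return 0;
}
```

A TLS stack that routes records through the SSL 3 style check accepts the second record; the strict check rejects it before the MAC is even considered.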

  19. SSL, Poodle and mail by oldmac31310 · · Score: 1

    My mac mail has been messed up by this and I have had to disable ssl entirely or I can neither send nor receive mail despite having changed the port to one recommended by my web host. I have done a lot of googling on this but nothing solves the problem - otherwise I wouldn't bring it up here.

    Anyone who doesn't irrationally hate Apple have any tips, suggestions for fixing this? I'm still using OS X 10.7 so maybe my best bet is to upgrade the OS, but would like to avoid doing so to keep some older programs running.

    --
    http://www.acetonestudio.com
    1. Re:SSL, Poodle and mail by Moridineas · · Score: 1

      I'm still using OS X 10.7 so maybe my best bet is to upgrade the OS, but would like to avoid doing so to keep some older programs running.

      Out of curiosity, what programs do you use that break post-10.7?

      The only program I've run into that works on 10.7 but not anything after is QuarkXPress 8 (and earlier) using a License Server (the license server networking code uses a deprecated system library).

      Other than that, Yosemite has been grand.

    2. Re:SSL, Poodle and mail by Anonymous Coward · · Score: 0

      I'm still using OS X 10.7 so maybe my best bet is to upgrade the OS, but would like to avoid doing so to keep some older programs running.

      Out of curiosity, what programs do you use that break post-10.7?

      The only program I've run into that works on 10.7 but not anything after is QuarkXPress 8 (and earlier) using a License Server (the license server networking code uses a deprecated system library).

      Other than that, Yosemite has been grand.

    3. Re:SSL, Poodle and mail by oldmac31310 · · Score: 1

      It's more a matter of - 'they ain't broke' - so I'd rather not find out what works and doesn't.

      --
      http://www.acetonestudio.com
  20. implementation flaw not protocol flaw by Anonymous Coward · · Score: 2, Informative

    It is very important to understand that this is a flaw in some vendors' TLS implementation, NOT in the TLS protocol itself.

    1. Re:implementation flaw not protocol flaw by TechyImmigrant · · Score: 1

      It is very important to understand that this is a flaw in some vendors' TLS implementation, NOT in the TLS protocol itself.

      The protocol invites this sort of implementation error. Hence proposals like this: http://clearcrypt.org/tls/

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    2. Re:implementation flaw not protocol flaw by Anonymous Coward · · Score: 0

      Even old browsers, such as IE 6.0 and older FireFox versions, which we may be stuck with for a variety of reasons, support TLS 1.0. I don't think TLS 1.0 will go away anytime soon, or I hope it doesn't go away.