POODLE Flaw Returns, This Time Hitting TLS Protocol

← Back to Stories (view on slashdot.org)

POODLE Flaw Returns, This Time Hitting TLS Protocol

Posted by Soulskill on Monday December 8, 2014 @08:30PM from the its-bite-is-worse-than-its-bark dept.

angry tapir writes: If you patched your sites against a serious SSL flaw discovered in October you will have to check them again. Researchers have discovered that the POODLE vulnerability also affects implementations of the newer TLS protocol. The POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability allows attackers who manage to intercept traffic between a user's browser and an HTTPS website to decrypt sensitive information, like the user's authentication cookies.

54 comments

Min score:

Reason:

Sort:

After the jump BULLSHIT by Anonymous Coward · 2014-12-08 20:54 · Score: -1, Flamebait

Can't anybody just post the damn direct link to the fucking advisory or source articles anymore.
What the fuck, you and the entire internet are a bunch of clickbait advertising whores.
Nobody gives a shit about your boring intermediate links and your revenue ads and sorry ass escuses for journalistic middlemen articles.
We want the goods.
1. Re:After the jump BULLSHIT by Nyder · 2014-12-08 21:01 · Score: 3, Funny
  
  Don't you mean Dog shit instead of bullshit? After all, this is a POODLE vulnerability.
  
  --
  Be seeing you...
2. Re:After the jump BULLSHIT by Anonymous Coward · 2014-12-08 21:02 · Score: 0
  
  https://www.imperialviolet.org/2014/12/08/poodleagain.html
3. Re:After the jump BULLSHIT by Anonymous Coward · 2014-12-08 21:07 · Score: 0
  
  Just disable Javascript. No jumps (OK, sometimes no sites, but I just don't see what I don't see: the worst offenders get winnowed out for me, so to speak).
4. Re:After the jump BULLSHIT by Anonymous Coward · 2014-12-08 21:08 · Score: 0
  
  No, I mean you're a pile of silly horse shit and whoever spent 2 points worth of karma on you is a frickin retard.
5. Re:After the jump BULLSHIT by wonkey_monkey · 2014-12-08 21:12 · Score: 1
  
  GP asked for this:
  
  Can't anybody just post the damn direct link to the fucking advisory or source articles anymore.
  Disabling Javascript isn't going to help with that.
  
  --
  systemd is Roko's Basilisk.
6. Re:After the jump BULLSHIT by Anonymous Coward · 2014-12-08 21:21 · Score: 0
  
  I consider these annoying Javascript sites to be part of the Dark Net. I simply don't see them.
7. Re:After the jump BULLSHIT by Anonymous Coward · 2014-12-08 21:45 · Score: 0
  
  > Disabling Javascript isn't going to help with that.
  Correct. But it helps with the jump. That some try (and partly suceed) in making /. into a clickbait farm is sad and not a technical problem.
8. Re:After the jump BULLSHIT by Anonymous Coward · 2014-12-09 01:10 · Score: 0
  
  static html wth blink tags was good enough for my grandfather so its good enough for me.
9. Re:After the jump BULLSHIT by Anonymous Coward · 2014-12-09 01:22 · Score: 1
  
  Hi! You must be new here. The most points that were most likely spent on him is 1. You see, it's only AC's like us that read as 0 out the gate. For registered users they normally start out at 1... unless they have an "Excellent" karma rating, which means they've made a significant number of posts that have been modded up, then a registered user will start out of the gate at a 2 before any mods are made. Looking at Mr. Nyder's posting profile, this is not outside of the realm of possibility. So It's very possible that no one wasted any points of Karma...thus, you're the only frickin retard in the bloody room ya frickin Limey!
10. Re:After the jump BULLSHIT by Columcille · 2014-12-09 01:48 · Score: 1
  
  You must be new here.
  
  --
  I love my sig.
11. Re:After the jump BULLSHIT by Anonymous Coward · 2014-12-09 02:12 · Score: 2, Interesting
  
  Not to feed the trolls more but... did you know that if you are logged in you can click the comment score and SEE all the moderation on the comment?
  At the current time, the post in question started at 2 and has +1 Funny for a total of 3.
  
  If you are logged in, you can also change the weight of users to remove the karma bonus.
Test your site with this by cyrus0101 · 2014-12-08 20:57 · Score: 5, Informative

The article references the SSL Labs tool which includes the TLS POODLE test: https://www.ssllabs.com/ssltes...
1. Re:Test your site with this by Architect_sasyr · 2014-12-08 22:58 · Score: 3, Insightful
  
  The SSL Labs are a fantastic reference.
  
  Turns out when I was using their guides and aiming for an A+ rating in October (not long after I took over the current post) I accidentally mitigated TLS POODLE before it even became publicly known. So.. whoops? Better not follow the best practices guides next time, better just patch the vulnerabilities as they come ;)
  
  --
  Me failed English...
  FreeBSD over Linux. If my comments seem odd, this may explain...
2. Re:Test your site with this by oobayly · 2014-12-08 23:52 · Score: 1
  
  If you're using IIS 7.5/8 there's this script for securing* it. Though it may lock out XP users (which probably isn't a bad thing) due to disabling RC4.
  * You there in the back, stop laughing.
3. Re:Test your site with this by Anonymous Coward · 2014-12-09 00:16 · Score: 0
  
  Was hoping this would be pointed to, for those not aware. Thank you!
4. Re:Test your site with this by Anonymous Coward · 2014-12-09 01:59 · Score: 0
  
  If you're using IIS 7.5/8 there's this script [www.hass.de] for securing* it.
  Yes, but not for this specific issue.
  It would be nice to have a list of products that are affected by this issue, but this article (yes, I RTFA) doesn't mention whether most major platforms are vulnerable or not.
5. Re:Test your site with this by Anonymous Coward · 2014-12-09 03:30 · Score: 0
  
  It's not platforms that are affected, it's ciphers. The question is what platforms can be configured for ciphers that are not affected by this issue.
6. Re:Test your site with this by RyoShin · 2014-12-09 10:18 · Score: 2
  
  Thankfully, this looks to be an implementation issue and not a protocol issue like SSL had. From the blog of the folks who run that SSL test:
  
  As problems go, this one should be easy to fix. [...] [E]ven though TLS is very strict about how its padding is formatted, it turns out that some TLS implementations omit to check the padding structure after decryption. Such implementations are vulnerable to the POODLE attack even with TLS. [...] According to our most recent SSL Pulse scan (which hasn’t been published yet), about 10% of the servers are vulnerable to the POODLE attack against TLS.
A question I hope someone can answer by Anonymous Coward · 2014-12-08 21:34 · Score: 0

For those of us who are stuck using older browsers (FireFox v10 or IE6), even with SSL disabled and only TLS 1.0 enabled, will this be a problem?
As I said, stuck. I won't appreciate replies saying to upgrade my browser.
1. Re: A question I hope someone can answer by Anonymous Coward · 2014-12-08 22:13 · Score: 5, Insightful
  
  Have you considered upgrading your browser!
2. Re:A question I hope someone can answer by Carewolf · 2014-12-08 23:03 · Score: 1
  
  For those of us who are stuck using older browsers (FireFox v10 or IE6), even with SSL disabled and only TLS 1.0 enabled, will this be a problem?
  As I said, stuck. I won't appreciate replies saying to upgrade my browser.
  Yes, in fact it is ONLY you who are affected. This was discovered in old versions of NSS, which means old Firefox and Chromium versions.
3. Re:A question I hope someone can answer by Anonymous Coward · 2014-12-09 00:16 · Score: 1
  
  You should consider NCSA Mosaic. I can guarantee that it is not vulnerable to any flaws SSL or TLS.
4. Re:A question I hope someone can answer by Anonymous Coward · 2014-12-09 00:49 · Score: -1
  
  Upgrade your damned browser, fuckwad. Fucking idiots like you are worse than ignorant people who never update. At least they have ignorance as an excuse. What's yours? You know you should upgrade, and yet don't?
  Get the fuck off the internet.
5. Re:A question I hope someone can answer by tom17 · 2014-12-09 01:15 · Score: 1
  
  I don't know his exact situation, but it's possible that the company he works at has an app that only works with IE6. There used to be many apps like this.
  If this is such a case, the fuckwad is the company (for not hiring developers to upgrade the app) or the vendor that supplies the app without upgrading it (Maybe the company is still to blame for not moving to a more current product, or maybe there isn't one). Either way, the user that is forced to stick with the crappy browser is not necessarily the problem.
  Though he might be! :) - Rather than assuming and bashing, we should answer the question... Oh wait. Slashdot :)
6. Re:A question I hope someone can answer by jafiwam · 2014-12-09 01:51 · Score: 1
  
  For those of us who are stuck using older browsers (FireFox v10 or IE6), even with SSL disabled and only TLS 1.0 enabled, will this be a problem?
  As I said, stuck. I won't appreciate replies saying to upgrade my browser.
  In IE 6.0, you can enable TLS 1.0. It is not on by default.
  It is deep in the "Internet Settings" in "Security". Scroll down the list and find where it mentions TLS.
  IE 6.0 does not do TLS 1.1 or later, so when TLS 1.0 gets shut off, you are done with it.
  I believe RC4 is only in SSL 3.0 so that being on or off doesn't matter.
  PS, most sites already have 3.0 off, so you may be in the clear already.
7. Re:A question I hope someone can answer by lgw · 2014-12-09 01:52 · Score: 2
  
  don't know his exact situation, but it's possible that the company he works at has an app that only works with IE6. There used to be many apps like this.
  That's no excuse! IE6 belongs in a VM used only for internal sites and strictly firewalled off from the outside world. But even if you're stuck with IE6, at least run the latest FF or something beside it.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
8. Re:A question I hope someone can answer by tom17 · 2014-12-09 02:08 · Score: 1
  
  Unless your company/vendor forces you to use it externally, or will not provide said VM for internal sites.
  I'm not agreeing that it's OK to use such a browser, just saying that it's not necessarily the users own fault. Companies can be idiots too when it comes to IT security.
9. Re:A question I hope someone can answer by Anonymous Coward · 2014-12-09 03:18 · Score: 0
  
  My old windows 98/DOS gaming machine can't run a newer version of Firefox, so I'm stuck with version 2 or 3, or whatever it is. In fact, it was actually a bit of a challenge to find all the software versions I needed to run on an OS that old. CD Burning, movie playing, drivers, etc. It's like an IT archeological dig!
This is the God of Job by grcumb · 2014-12-08 23:11 · Score: 1, Funny

If there were a just and caring God, he would never let geeks name things.
POODLE?
Jesus wept. Literally. He heard the name and wept tears.
Geeks made baby Jesus cry.

--
Crumb's Corollary: Never bring a knife to a bun fight.
1. Re:This is the God of Job by Anonymous Coward · 2014-12-09 01:12 · Score: 0
  
  Geeks aren't naming these vulns, thank sleazy marketing firms for this horrific trend
2. Re:This is the God of Job by oldmac31310 · 2014-12-09 04:30 · Score: 1
  
  It is an acronym. Padding Oracle On Downgraded Legacy Encryption. Convenient, annoying, but not just randomly made up like so much other tech jargon.
  
  --
  http://www.acetonestudio.com
3. Re:This is the God of Job by geminidomino · 2014-12-09 19:48 · Score: 1
  
  And if you don't think that's a backronym, I have some swampland in Florida to sell you.
Question by Anonymous Coward · 2014-12-09 00:13 · Score: 0

The impact of this problem is similar to that of POODLE, with the attack being slightly easier to execute–no need to downgrade modern clients down to SSL 3 first, TLS 1.2 will do just fine.
This seems like a good moment to reiterate that everything less than TLS 1.2 with an AEAD cipher suite is cryptographically broken. An IETF draft to prohibit RC4 is in Last Call at the moment but it would be wrong to believe that RC4 is uniquely bad. While RC4 is fundamentally broken and no implementation can save it, attacks against MtE-CBC ciphers have repeatedly been shown to be far more practical. Thankfully, TLS 1.2 support is about to hit 50% at the time of writing.
I am terribly confused. Is or isn't worth upgrading to TLS 1.2?
I am stuck with TLS 1.0 on FireFox v10 ESR. Tried v24, and it's just ick with the one of the bugs that I 'first' encounted with v17 with my "setup". "Up and down shaking" with my tab 'setup' if you're curious. I use two rows of tabs. And v31 is totally broken in a frustrating way. I may be able to manage v24 if I'm forced to, but I don't want to upgrade if I don't have to. (I wish Mozilla would just do security patches for all the ESRs. Not bug patches, but security patches. Wasn't that the point of having an ESR with which to begin?)
tl;dr For those of us on TLS 1.0, do we need to do anything, or is it something only server/website admins need to do?
1. Re:Question by Anonymous Coward · 2014-12-09 01:12 · Score: 0
  
  Have you considered pale moon or one of the other firefox rewrites?
2. Re:Question by Anonymous Coward · 2014-12-09 01:42 · Score: 0
  
  No, not yet. Not sure if I will. See my other post here: http://it.slashdot.org/comments.pl?sid=6333555&cid=48554549
3. Re:Question by Anonymous Coward · 2014-12-09 03:38 · Score: 0
  
  If the issue is that firefox's new UI melts your face when you open the box, that's what pale moon is intended to fix. Here, have a portable version http://www.palemoon.org/palemo...
  No idea if it will have the "shaking" problem with whatever plugin you've got for a multi-layered tab bar.
4. Re:Question by Anonymous Coward · 2014-12-09 03:43 · Score: 0
  
  Not a plugin! The userchrome file
yuo FaiL It by Anonymous Coward · 2014-12-09 00:46 · Score: -1

working on various From the sidelines, code.' Don't anybody's guess dying. Everyone May do, may not and enjoy all the steadily fucking
Nothing to see here by Anonymous Coward · 2014-12-09 00:48 · Score: 0

The CVE for this has already been rejected. There was an implementation problem on a specific piece of network equipment and not a general TLS implementation issue
1. Re:Nothing to see here by jafiwam · 2014-12-09 01:52 · Score: 1
  
  The CVE for this has already been rejected. There was an implementation problem on a specific piece of network equipment and not a general TLS implementation issue
  Link?
2. Re:Nothing to see here by DES · 2014-12-09 03:15 · Score: 1
  
  https://www.imperialviolet.org...
  This affects BigIP F5 and A10 load balancers which implement TLS incorrectly.
3. Re:Nothing to see here by DES · 2014-12-09 03:17 · Score: 1
  
  This affects BigIP F5 and A10 load balancers which implement TLS incorrectly.
  Proper grouping: ((BigIP F5) and (A10)) (load balancers).
He probably can't, especially Firefox. by Anonymous Coward · 2014-12-09 01:04 · Score: 0

If he's running IE 6, upgrading may not be an option. He may need it for websites that will only work in it. Even if he does upgrade, he may only be able to upgrade to IE 8, which isn't much of an improvement.
And he surely can't upgrade Firefox. Firefox has gotten progressively worse since Firefox 10. Firefox 29, for example, brings in the Australis UI which is absolutely unusable. Firefox 33.1 brings in "sponsored tiles" (in-browser advertisements). And those are just two among many fuck-ups that Mozilla has forced upon Firefox users.
The Firefox situation is particularly sad. Mozilla has forced Firefox users to forgo security updates in order for these same users to retain a quasi-usable UI. I'm sure a lot of them would like to upgrade to get the security fixes. But it's hard to justify upgrading to avoid obscure security issues that will likely never be triggered, if it also means being constantly subjected to an unusable, broken UI from then on.
1. Re:He probably can't, especially Firefox. by Anonymous Coward · 2014-12-09 01:24 · Score: 0
  
  Poster of http://it.slashdot.org/comments.pl?sid=6333555&cid=48553645 here
  I use IE6 for Yahoo! Mail. It doesn't look right when using in FireFox v10 with a faked IE6 user agent. I think the subject of my e-mails were missing when viewing the inbox. With default user agent, it's that new ugly look. But I don't use IE6 much, and if I had to move away from TLS 1.0 on it (I have SSL 3 disabled on it), I could although it wouldn't be fun.
  I use FireFox v10 ESR from Portableapps. I recall trying v17, but there was a problem. I have a custom userchrome.css set up to give me two rows of tabs with each having 7 fixed-width tabs. Any more than 14 tabs open and I have to scroll down. The problem? "Shaking". I mouse over, or even close a tab, and it jerks up and down real quick, the tab bar. It's annoying. Very annoying. It's also annoying to have my icons, not sure the word, but the borders I think were gone, for like back, forward, stop, refresh, and home.
  I don't want to get into details, but with the work I do online, I use v10. It's comfortable. I don't need to be annoyed with annoying things while working. I'm technically self-employed by the way. The work I do is within FireFox itself... most of the time.
2. Re: He probably can't, especially Firefox. by Anonymous Coward · 2014-12-09 03:17 · Score: 0
  
  Yahoo mail works fine in later versions of IE, and chrome.
Link to POODLE 2 discoverer by Anonymous Coward · 2014-12-09 03:21 · Score: 0

Adam Langley of Google found the POODLE-with-TLS issue and started informing people:
https://www.imperialviolet.org/2014/12/08/poodleagain.html
Basically:
The POODLE attack leverage some weaknesses in how SSL 3 did padding of its packets. There was no easy way to fix the protocol, so the recommended way to deal with it was to disable SSL 3. However it turns that the padding function in TLS is a sub-set of SSL 3, so a lot of software simply re-uses it for both protocols. This allows the POODLE attack to be done against padding in TLS as well.
The issue is that some of this software is common load balancer software, which sits in from of many things.
SSL, Poodle and mail by oldmac31310 · 2014-12-09 04:35 · Score: 1

My mac mail has been messed up by this and I have had to disable ssl entirely or I can neither send nor receive mail despite having changed the port to one recommended by my web host. I have done a lot of googling on this but nothing solves the problem - otherwise I wouldn't bring it up here.
Anyone who doesn't irrationally hate Apple have any tips, suggestions for fixing this? I'm still using OS X 10.7 so maybe my best bet is to upgrade the OS, but would like to avoid doing so to keep some older programs running.

--
http://www.acetonestudio.com
1. Re:SSL, Poodle and mail by Moridineas · 2014-12-09 04:43 · Score: 1
  
  I'm still using OS X 10.7 so maybe my best bet is to upgrade the OS, but would like to avoid doing so to keep some older programs running.
  Out of curiosity, what programs do you use that break post-10.7?
  The only program I've run into that works on 10.7 but not anything after is QuarkXPress 8 (and earlier) using a License Server (the license server networking code uses a deprecated system library).
  Other than that, Yosemite has been grand.
2. Re:SSL, Poodle and mail by Anonymous Coward · 2014-12-09 05:03 · Score: 0
  
  I'm still using OS X 10.7 so maybe my best bet is to upgrade the OS, but would like to avoid doing so to keep some older programs running.
  Out of curiosity, what programs do you use that break post-10.7?
  The only program I've run into that works on 10.7 but not anything after is QuarkXPress 8 (and earlier) using a License Server (the license server networking code uses a deprecated system library).
  Other than that, Yosemite has been grand.
  
  I'm still using OS X 10.7 so maybe my best bet is to upgrade the OS, but would like to avoid doing so to keep some older programs running.
  Out of curiosity, what programs do you use that break post-10.7?
  The only program I've run into that works on 10.7 but not anything after is QuarkXPress 8 (and earlier) using a License Server (the license server networking code uses a deprecated system library).
  Other than that, Yosemite has been grand.
  
  I'm still using OS X 10.7 so maybe my best bet is to upgrade the OS, but would like to avoid doing so to keep some older programs running.
  Out of curiosity, what programs do you use that break post-10.7?
  The only program I've run into that works on 10.7 but not anything after is QuarkXPress 8 (and earlier) using a License Server (the license server networking code uses a deprecated system library).
  Other than that, Yosemite has been grand.
  
  I'm still using OS X 10.7 so maybe my best bet is to upgrade the OS, but would like to avoid doing so to keep some older programs running.
  Out of curiosity, what programs do you use that break post-10.7?
  The only program I've run into that works on 10.7 but not anything after is QuarkXPress 8 (and earlier) using a License Server (the license server networking code uses a deprecated system library).
  Other than that, Yosemite has been grand.
3. Re:SSL, Poodle and mail by oldmac31310 · 2014-12-09 06:31 · Score: 1
  
  It's more a matter of - 'they ain't broke' - so I rather not find out what works and doesn't.
  
  --
  http://www.acetonestudio.com
implementation flaw not protocol flaw by Anonymous Coward · 2014-12-09 05:11 · Score: 2, Informative

It is very important to understand that this is a flaw in some vendors' TLS implementation, NOT in the tls protocol itself.
1. Re:implementation flaw not protocol flaw by TechyImmigrant · 2014-12-09 07:33 · Score: 1
  
  It is very important to understand that this is a flaw in some vendors' TLS implementation, NOT in the tls protocol itself.
  The protocol invites this sort of implementation error. Hence proposals like this: http://clearcrypt.org/tls/
  
  --
  I should use this sig to advertise my book ISBN-13 : 978-1501515132.
2. Re:implementation flaw not protocol flaw by Anonymous Coward · 2014-12-09 18:05 · Score: 0
  
  Even old browsers, such as IE 6.0 and older FireFox versions, which we may stuck with for a variety of reasons, supports TLS 1.0. I don't think TLS 1.0 will go away anytime soon, or I hope it doesn't go away.