Poodle and the Beast, this isn't a love story

Three years ago, Thai Duong and Juliano Rizzo demonstrated ^[1] an attack against one of the methods used in securing Internet traffic. 

They named their creation BEAST (Browser Exploit Against SSL/TLS) and created a stir in the Internet security community.  It specifically targeted SSLv3/TLSv1.0's CBC mode of operation using a flaw that was reported ten years before their proof of concept ^[2].  The vulnerabilities had been fixed in 2006 with the release of TLSv1.1, but the fix has not seen widespread adoption.  For example, only the latest release of Internet Explorer supports TLSv1.1 out of the box, today, older browsers still use the vulnerable TLSv1.0. ^[3]

At the time, improvements were made to mitigate the BEAST by preferring stronger algorithms in new browsers and web servers.  Mozilla updated Network Security Services (NSS) libraries, Microsoft released MS12-006 and Apple fixed BEAST to workaround the issue. ^[4]

Who is the real monster?

Fast forward to today, and Duong and Rizzo are at it again.  POODLE (Padding Oracle On Downgraded Legacy Encryption) was released showing critical vulnerabilities in SSLv3.  This is realized in a "downgrade dance" ^[5], where the browser and server first try to communicate with their most secure, supported protocol, and then downgrade if the communication fails.  POODLE can force this downgrade dance to SSLv3 and then break its crypto, exposing potentially sensitive data that the user thought was encrypted ^[6].

The problem with POODLE, unlike BEAST, is that it completely undermines the trustworthiness of SSLv3.  At least BEAST could be mitigated, POODLE can't.  This should be considered the final nail in the coffin for SSLv3.

Is the sky really falling this time?

So, the Internet is broken again, right?  But, we haven't seen the market tank, banks are still in business and nobody is running around waving their arms and screaming.  How bad is this exactly?

This depends on your mindframe.  The modern lock that the majority of us use on the front door of our homes has been susceptible to lock picking since a few hours after it was invented.  We all know this, yet, we sleep soundly at night knowing that the lock is there.  For more secure locations, we don't use a lock purchased at the corner hardware store, we use something better and stronger.

The same can be said about these types of exploits.  For the majority of people, it won't really have an affect.  Similarly, we recently heard about Heartbleed ^[7] and Shellshock ^[8], two very dangerous exploits that could be used to steal data.  Although these could and were used for malicious purposes, the majority of us weren't directly affected.

Whew, alright, so I don't have to do anything.  Wrong!

Just because this vulnerability is low risk, doesn't mean we can become lazy about the issue.  SSLv3 is broken, and there's no going back.  Now is the time to upgrade your browser to the latest version ^[3], and while you are at it, update all of your computer software to the latest versions.  If you want to be sure you aren't bitten by the POODLE, spend some time reading up on how to permanently turn off SSLv3 in your browser. ^[9]

References