Dataconomy
  • News
  • AI
  • Big Data
  • Machine Learning
  • Trends
    • Blockchain
    • Cybersecurity
    • FinTech
    • Gaming
    • Internet of Things
    • Startups
    • Whitepapers
  • Industry
    • Energy & Environment
    • Finance
    • Healthcare
    • Industrial Goods & Services
    • Marketing & Sales
    • Retail & Consumer
    • Technology & IT
    • Transportation & Logistics
  • Events
  • About
    • About Us
    • Contact
    • Imprint
    • Legal & Privacy
    • Newsletter
    • Partner With Us
    • Writers wanted
Subscribe
No Result
View All Result
Dataconomy
  • News
  • AI
  • Big Data
  • Machine Learning
  • Trends
    • Blockchain
    • Cybersecurity
    • FinTech
    • Gaming
    • Internet of Things
    • Startups
    • Whitepapers
  • Industry
    • Energy & Environment
    • Finance
    • Healthcare
    • Industrial Goods & Services
    • Marketing & Sales
    • Retail & Consumer
    • Technology & IT
    • Transportation & Logistics
  • Events
  • About
    • About Us
    • Contact
    • Imprint
    • Legal & Privacy
    • Newsletter
    • Partner With Us
    • Writers wanted
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Google Issues Security Advisory Regarding Secure Communication Compromise with SSL 3.0’s POODLE bug

by admin
October 16, 2014
in News
Home News
Share on FacebookShare on TwitterShare on LinkedInShare on WhatsAppShare on e-mail

Google revealed the details of a critical vulnerability in the design of the Secure Sockets Layer (SSL) encryption, version 3.0, dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption), earlier this week.

Using this kink in the armour, a network attacker can calculate the plaintext of secure connections, writes Bodo Möller of the Google Security Team, in a blog post. He discovered this issue in fellow Googlers Thai Duong and Krzysztof Kotowicz.

In case of a bug in HTTPS servers, browsers retry failed connections with older protocol versions, including SSL 3.0. A network attacker can force the use of SSL 3.0, by causing connection failures. Considering SSL 3.0’s widespread usage through most browsers, this poses a serious security issue.

More than disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, which might cause compatibility issues with to pop up Google recommends supporting TLS_FALLBACK_SCSV, a mechanism that it claims, “solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.”

“Google Chrome and our servers have supported TLS_FALLBACK_SCSV since February and thus we have good evidence that it can be used without compatibility problems. Additionally, Google Chrome will begin testing changes today that disable the fallback to SSL 3.0. This change will break some sites and those sites will need to be updated quickly,” writes Möller.


Join the Partisia Blockchain Hackathon, design the future, gain new skills, and win!


“[Poodle] is an industry-wide vulnerability that affects the protocol itself, and is not specific to Microsoft’s implementation of SSL or the Windows operating system,” wrote Tracey Pretorius, director of Response Communications, Microsoft, in context to the threat advisory issued earlier informing that SSL 3.0 will drive old sites offline.

Google will remove support for SSL 3.0 from its client products, in the next few months.

Read more here

Follow @DataconomyMedia

(Image Credit: Danny Sullivan)

Tags: GooglePadding Oracle On Downgraded Legacy EncryptionPoodleSSLTracey Pretorius

Related Posts

How did ChatGPT passed an MBA exam

How did ChatGPT passed an MBA exam?

January 27, 2023
Google code red: ChatGPT and You.com like AI-powered tools threatening the search engine. Moreover, latest Apple Search rumors increased the danger.

Google code red: ChatGPT, You.com and rumors of Apple Search challenge the dominance of search giant

January 26, 2023
T-Mobile data breach 2023 explained: Learn how did the leak happen and explore T-Mobile data breach history. It is not the first time of the company

T-Mobile data breach 2023: The telecom giant got hacked eight times in the last six years

January 20, 2023
Microsoft layoffs 2023: Amazon job cuts that affect 11,000 employees explained. Big tech layoffs continue... Learn why and what will happen next.

Microsoft layoffs will affect more than 11,000 employees

January 18, 2023
Medibank Data Breach Class Action: Compensation can reach up to $20,000 per person

Medibank Data Breach Class Action: Compensation can reach up to $20,000 per person

January 16, 2023
What is DoNotPay AI Lawyer? The world's first robot lawyer ready to give $1 million to represent you. How does it work? Keep reading.

DoNotPay AI lawyer is ready to give $1 million for any case in US

January 12, 2023

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

LATEST ARTICLES

How did ChatGPT passed an MBA exam?

AI prompt engineering is the key to limitless worlds

Transform your data into a competitive advantage with AaaS

Google code red: ChatGPT, You.com and rumors of Apple Search challenge the dominance of search giant

Tome AI offers a new way to create presentations easily

Transforming data into insightful information with BI reporting

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy
  • Partnership
  • Writers wanted

Follow Us

  • News
  • AI
  • Big Data
  • Machine Learning
  • Trends
    • Blockchain
    • Cybersecurity
    • FinTech
    • Gaming
    • Internet of Things
    • Startups
    • Whitepapers
  • Industry
    • Energy & Environment
    • Finance
    • Healthcare
    • Industrial Goods & Services
    • Marketing & Sales
    • Retail & Consumer
    • Technology & IT
    • Transportation & Logistics
  • Events
  • About
    • About Us
    • Contact
    • Imprint
    • Legal & Privacy
    • Newsletter
    • Partner With Us
    • Writers wanted
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.