Jump to content

Poodle Attack - Security flaw in SSL v3 - ESET blocking

rugk

By rugk
in General Discussion

 Share

Recommended Posts

rugk

rugk 397

Posted
Posted

Nicknamed POODLE – it’s an acronym for Padding Oracle On Downgraded Legacy Encryption – Engadget reports that the bug “allows a man-in-the-middle attacker to decrypt HTTP cookies,” on SSL 3.0. Although SSL 3.0 is around 15 years old, it is still widely used in most web browsers and as a backup on servers if modern protocols fail to connect. Worryingly, “prospective attackers can force a server to default back to SSL 3.0 for the sake of the exploit.”

hxxp://www.welivesecurity.com/2014/10/15/poodle-attack-google-uncovers-major-flaw-ssl-3-0/

 

So this should be the end of SSL v3.

 

Now my suggestion for the ESET products...

What about making this?

post-3952-0-53395700-1413813449_thumb.png

Link to comment
Share on other sites
  • 2 weeks later...
  • 1 month later...
rugk

rugk 397

Posted
  • Author
Posted

This suggestion is now more than one month old... :(

What do you think about this, ESET?

 

It was discovered that also some TSL implementations can be affected by this vulnerability, but still SSL v3 is the main point of attack.

So isn't it a good idea to block not only SSL v2, but also SSL v3 with the SSL scanning of ESS or ESET NOD32?

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...