The new kid on the block, or should we say dog on the block, is POODLE (Padding Oracle On Downgraded Legacy Encryption), a critical flaw in SSL 3.0 which has just been discovered by Google's security experts (though it dates back some 15 years).
We spoke to Itsik Mantin, director of security research at Imperva, about this latest vulnerability and how severe it is, as well as discussing mitigation tactics.
TechRadar Pro: How does this vulnerability work?
Itsik Mantin: The attack strives to hijack sessions by extracting SSL-protected session cookies.
The attack works on SSL 3.0, which is rarely used today, but the attacker can downgrade the SSL version to SSL 3.0 and then mount the attack.
It is important to note that encryption algorithms were not designed to protect data in the case of an attacker who can mix insecure modifiable data (request URL and parameters, insecure cookie) with secure data (session cookie), which is exactly the way SSL uses these algorithms.
BEAST and CRIME were patched, but, similarly to them, POODLE relies on this usage mode to mount another attack in the row.
TRP: How does this attack rank in terms of severity?
IM: The conditions that are required for the attack to be applicable are hard to obtain.
In particular, the attacker needs to become a man-in-the-middle between the attacked client and server, and to generate, block and modify client messages to the server and vice versa.
In addition, the attack requires a bypass of the browser's Same Origin Policy (SOP), which is not explained in the research.
TRP: What mitigation strategies would you advise?
IM: The most common approach for becoming the man-in-the-middle is to convince the victim to connect to your Wi-Fi. The immediate implication for the average user is that when connected to an untrusted Wi-Fi network, he should assume that his browsing may be insecure.
I think the most important thing from a user's perspective is to be extra cautious when connecting to untrusted networks, in particular open Wi-Fi in public areas, and avoid visiting sensitive sites (e.g. banking applications).
I think one thing that should not be considered is switching from AES to RC4 when using SSL, as was recommended as a measure against BEAST.
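The padding rule behind the "Padding Oracle" in the attack's name, as an added example that is not part of the interview or of Imperva's material: the SSL 3.0 CBC padding check next to the stricter TLS 1.0 check, showing why the weakness is in the protocol version rather than in the cipher (so switching to RC4 is not the answer). The block size, sample bytes and function names are constructed for illustration.

```python
# Added example (not from the article or from Imperva). In both SSL 3.0 and TLS
# the last plaintext byte of a CBC record is the padding length. SSL 3.0 never
# inspects the padding bytes themselves; TLS 1.0+ requires each of them to equal
# the padding length. A server that reveals whether this check passed (for
# instance by failing early on padding but later on the MAC) acts as an oracle,
# which is why the fix is to refuse SSL 3.0 rather than to change ciphers.

BLOCK = 8  # block size of the 3DES-CBC suites SSL 3.0 used; 16 for AES, same rule


def ssl3_padding_ok(plaintext: bytes, block: int = BLOCK) -> bool:
    """SSL 3.0 rule (RFC 6101): padding length must be smaller than the block
    size; the padding bytes are arbitrary and are not checked at all."""
    if not plaintext or len(plaintext) % block != 0:
        return False
    pad_len = plaintext[-1]
    return pad_len < block and pad_len + 1 <= len(plaintext)


def tls_padding_ok(plaintext: bytes, block: int = BLOCK) -> bool:
    """TLS 1.0+ rule (RFC 2246): every padding byte must equal pad_len."""
    if not plaintext or len(plaintext) % block != 0:
        return False
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return False
    return all(b == pad_len for b in plaintext[-(pad_len + 1):])


def accepted_last_bytes(check, prefix: bytes = b"\x10\x20\x30\x40\x50\x60\x70") -> int:
    """How many of the 256 possible final-byte values pass `check` when the
    preceding bytes are the constructed, clearly non-padding `prefix`."""
    return sum(check(prefix + bytes([last])) for last in range(256))


if __name__ == "__main__":
    # Constructed sample: seven garbage "padding" bytes followed by length byte 7.
    garbage_padded = b"\xde\xad\xbe\xef\xca\xfe\x42\x07"
    print("SSL 3.0 accepts garbage padding:", ssl3_padding_ok(garbage_padded))  # True
    print("TLS 1.0 accepts garbage padding:", tls_padding_ok(garbage_padded))   # False
    # SSL 3.0 passes any final byte 0..7 regardless of the rest of the block;
    # TLS only passes the one value consistent with the prefix.
    print("final-byte values SSL 3.0 accepts:", accepted_last_bytes(ssl3_padding_ok))  # 8
    print("final-byte values TLS 1.0 accepts:", accepted_last_bytes(tls_padding_ok))   # 1
```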