The Poodle SSL hack explained and demonstrated

The Poodle SSL vulnerability has been known for a couple of months now. It all started when Google decided to disable their SSL v3 option after they had discovered that the SSL v3 protocol is vulnerable to man-in-the-middle attacks.

It was in September that Bodo Möller, Thai Duong and Krzysztof Kotowicz from the Google Security team discovered the vulnerability. On the 8th of December a variation of the POODLE attack was announced which impacted TLS.

The Poodle SSL hack has been assigned the following CVE IDs:

  • CVE-2014-3566
  • CVE-2014-8730

The Poodle attack against TLS was announced on the 8th of December 2014. The POODLE attack exploits implementation flaws which are found in the TLS 1.0 and 1.2 protocols. Web services like Cloudflare, Wikimedia and Google have disabled the SSL 3.0 protocol to prevent the POODLE attack on their services. It is important that environments like Google take these decisions; each layer of security should be considered because they are dealing with a lot of personal and private information. The private information which is stored by Google needs to be protected against aggressors like Iran, China, Russia and the United States. Do you remember the Iranian hack on the Google Gmail accounts?! Well, I do, and the POODLE attack would allow such cases to happen again. So, well done Google.

So we decided to take the Qualys SSL Labs SSL scanner and scan some websites. Here are the results, and please do not be shocked. This is the internet, and this is the reason why hackers are still able to exploit thousands of users via misconfigured servers and security layers. Enjoy!
