The POODLE SSL vulnerability has been known for a couple of months now. It all started when Google decided to disable its SSL v3 option after discovering that the SSL v3 protocol is vulnerable to man-in-the-middle attacks.
It was in September that Bodo Möller, Thai Duong and Krzysztof Kotowicz from the Google Security team discovered the vulnerability. On the 8th of December a variation of the POODLE attack was announced which impacted TLS.
The POODLE vulnerability has been added to the CVE database under the following CVE IDs:
- CVE-2014-3566
- CVE-2014-8730
The POODLE attack against TLS was announced on the 8th of December 2014. This variant exploits implementation flaws found in the TLS 1.0 and 1.2 protocols. Web services like Cloudflare, Wikimedia and Google have disabled the SSL 3.0 protocol to prevent the POODLE attack on their services. It is important that organizations like Google take these decisions; every layer of security should be considered because they are dealing with a lot of personal and private information. The private information stored by Google needs to be protected against aggressors like Iran, China, Russia and the United States. Do you remember the Iranian hack on Google Gmail accounts?! Well I do, and the POODLE attack would allow that type of case to happen again. So, well done Google.
So we took the Qualys SSL Labs SSL scanner and started to scan some websites. Here are the results, and please do not be shocked. This is the internet, and this is the reason why hackers are still able to exploit thousands of users via misconfigured servers and security layers. Enjoy!
Websites which are vulnerable to the POODLE attack:
Dutch Banks vulnerable to POODLE attack
But hey, it gets even better. We scanned some Dutch banks via the Qualys scanner and the results did shock us. ABN AMRO and Rabobank are vulnerable to the POODLE attack. These banks are used by millions of Dutch citizens each day. The banks are actively allowing cybercriminals to take advantage of unaware ABN AMRO and Rabobank users.
But hey, let's be honest. There are some banks in the Netherlands which did a better job of securing their online environments. The ING bank was not directly vulnerable to the POODLE attack.
