๐ What is a POODLE attack? How to prevent SSL POODLE attack?
๐ก Newskategorie: IT Security Nachrichten
๐ Quelle: cheapsslshop.com
SSL and TLS protocols were discovered to maintain secure communication. But even with such high-end security, we have faced security breaches.ย This flaw in data that came to light in the year 2014, was termed a POODLE attack. This article will focus on what a POODLE attack is, how it works, and in what ways can it be mitigated. What is a POODLE attack? POODLE is shorthand for Padding Oracle On Downgraded Legacy Encryption. Back in 2014, the security team at Google found that data flowing through encrypted channels are also prone to attack. The CVE of the original POODLE attack was CVE-2014-3566. In this, the attacker steals information flowing through a secured SSL (Secured Socket Layer) connection and decrypts it. In general, this attack applies only to SSL 3.0 and lower versions. The Transfer Layer Protocol (TLS) introduced in the year 1999 is free from such vulnerabilities. An attacker inserts itself within the communication session of the server and the client and degrades the browser to fall back to the SSL 3.0 version. This older version is easily vulnerable to attack and lets the attacker decrypt the sent data. SSL attack has become common in recent years. Risk factors associated with a POODLE attack POODLE attack has two parts- the first is the man-in-the-middle attack and the second is the padding oracle attack. Once an attacker is successful in launching both these attacks, he/she can easily decipher the data sent over the communication link. POODLE vulnerability is faced in โฆ
Continue reading "What is a POODLE attack? How to prevent SSL POODLE attack?"
...