POODLE Exploits SSL 3.0 Fallback - SC Magazine
POODLE Exploits SSL 3.0 Fallback - SC Magazine
SC Magazine, By Teri Robinson
Google researchers have uncovered a vulnerability in the design of the widely used SSL version 3.0 that allows an attacker to intercept plaintext data from secure connections, putting quite literally millions of browsers in jeopardy.
Researchers Bodo Möller, Thai Duong and Krzysztof Kotowicz created a Padding Oracle On Downgraded Legacy Encryption (POODLE) attack that exploited the flaw, which Kaspersky Lab security expert Sergey Lozhkin, said the vulnerability “allows an attacker to decrypt data transmitted between a user and a website if a vulnerable version of the protocol is in use.”
Since the protocol is so popular, exploitation of the vulnerability “could expose private data, but only if an attacker successfully performed a complicated Man-in-the-Middle (MitM) attack,” Lozhkin said in a statement emailed to SCMagazine.com. Read more.
POODLE Exploits SSL 3.0 Fallback - SC Magazine
Kaspersky
Related Articles Business News
Kaspersky Lab Joins Forces with Merchant Risk Council to Help Combat eCommerce Fraud
As part of its mission to tackle online fraud, Kaspersky Lab has become the latest company to join forces with the Merchant Risk Council as Premier Solution Provider.Read More >Kaspersky Lab North America Recognized on CRN’s 2018 Security 100 List
Kaspersky Lab North America announced today that CRN®, a brand of The Channel Company, has named Kaspersky Lab to its third annual Security 100 list for endpoint security.Read More >Kaspersky Lab North America Releases its Inaugural Corporate Social Responsibility Report
Woburn, MA – December 19, 2017 – Kaspersky Lab North America today released its inaugural Corporate Social Responsibility Report, profiling the company’s continued commitment to volunteerism and philanthropy in the region over the past 12 months.Read More >