Who said HTTPS is safe? Think again.


Users of Wi-Fi hotspots have been warned about the “Poodle” attack – the latest bug in Internet browsers that can hijack web sessions and transactions, and even extract data from secure HTTP connections, The Straits Times reported today.
Poodle, or Padding Oracle on Downgraded Legacy Encryption, exploits Secure Sockets Layer version 3 (SSLv3), one of the protocols used to secure Internet traffic, the Singapore daily said.
All major browsers, from Google Chrome to Mozilla Firefox, support SSLv3.
An attacker can access online banking or email systems “secured” by HTTPS connections. The flaw was reported by Google employees – Bodo Möller, Thai Duong and Krzysztof Kotowicz – in a paper published on Thursday.
The Poodle attack relies on the fact that most web servers and browsers are still using the “ancient” SSLv3 protocol to secure their communications.
Source: The Malaysian Insider