Urgent News: Poodlebleed Attack Prevention


We have an urgent message for all our current users. For the past 24 hours, some clients have experienced problems with processing their purchases through PayPal. The reason is a serious vulnerability that affects the majority of services and devices that utilize SSLv3.

What Is Poodlebleed?

An acronym for Padding Oracle On Downgraded Legacy Encryption, Poodlebleed is a type of vulnerability in the design of SSL version 3.0. Discovered by the Google Security Team, the bug allows an attacker to decrypt secure connections to plaintext.

SSL 3.0 is 15 years old, yet the majority of services, web browsers and servers still use it widely. To learn more, visit:

http://poodlebleed.com/

http://security.stackexchange.com/questions/70719/ssl3-poodle-vulnerability

How Does Poodlebleed Work?

To test for Poodlebleed, go to https://www.poodletest.com/. If you see a poodle there, then your browser supports SSLv3 and you are vulnerable!

Web browsers that fail to connect using a newer protocol version were originally designed to fall back to SSL 3.0.

That is where cybercriminals come in. A network attacker can cause an artificial connection failure, so that the connection is switched from the safer TLS 1.0, 1.1, or 1.2 to a vulnerable SSL 3.0 connection. The attacker then uses the poodle bug to decrypt the transmitted data, gaining access to secure content. This happens at the stage when the data is being sent by a service, browser or server.

“POODLE could allow an attacker to hijack and decrypt the session cookie that identifies you to a service like Twitter or Google, and then take over your accounts without needing your password.” http://www.wired.com/2014/10/poodle-explained/

Making Sure You Are Safe!

Qualys, Inc. offers a browser test to detect whether your server is currently running with SSL 3.0. Disabling SSL 3.0 protects modern browsers from possible eavesdropping or any other attempts to access the services you currently use. These actions will also allow you to run your device in a safe mode with secure access to the services that you use all the time.
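
To confirm that SSL 3.0 really is disabled on a server, you can offer it an SSL 3.0-only handshake and look at the first reply. The sketch below is an added example, not part of the original post or of any vendor's tool; the function names, the cipher suite list and the sample replies are assumptions constructed for illustration.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"  # protocol version bytes for SSL 3.0
# RSA key-exchange suites usable with SSL 3.0: AES128-CBC, AES256-CBC, 3DES-CBC, RC4
SUITES = [0x002F, 0x0035, 0x000A, 0x0005]

def build_ssl3_client_hello() -> bytes:
    """Return a minimal SSL 3.0 ClientHello record (no extensions)."""
    suites = b"".join(struct.pack("!H", s) for s in SUITES)
    body = (SSL3 + os.urandom(32)             # client_version, random
            + b"\x00"                         # empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                    # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def accepts_ssl3(reply: bytes) -> bool:
    """True only if the reply is a handshake record carrying an SSL 3.0 ServerHello."""
    if len(reply) < 11:
        return False                          # closed connection or truncated reply
    content_type, rec_version = reply[0], reply[1:3]
    if content_type != 0x16 or rec_version != SSL3:
        return False                          # alert (0x15) or a different version
    # record header is 5 bytes; handshake header is type(1) + length(3)
    return reply[5] == 0x02 and reply[9:11] == SSL3

def probe(host: str, port: int = 443, timeout: float = 5.0) -> bool:
    """Send the ClientHello to host:port and classify the first reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_ssl3_client_hello())
            return accepts_ssl3(sock.recv(4096))
    except OSError:
        return False                          # reset or timeout: treated as refused

# Constructed sample replies (not captured traffic)
SAMPLE_SERVER_HELLO = b"\x16\x03\x00\x00\x2a\x02\x00\x00\x26\x03\x00" + bytes(36)
SAMPLE_ALERT = b"\x15\x03\x00\x00\x02\x02\x28"  # fatal handshake_failure

if __name__ == "__main__":
    print(accepts_ssl3(SAMPLE_SERVER_HELLO), accepts_ssl3(SAMPLE_ALERT))
```

A `False` result from `probe` means the server refused the SSL 3.0 offer or the connection failed; `True` means SSL 3.0 is still enabled and should be turned off in the server's TLS configuration.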

What Actions Did We Take to Protect Our Customers?

We have already performed extensive server work along with our colleagues from PayPal to eliminate the consequences of the security breach and ensure the highest level of protection of our customers’ data. Now, all of our services are completely Poodlebleed bug free! And we continue to provide maximum online security through our secure VPN Unlimited service.

