
The POODLE Vulnerability: Is the Dog’s Bark Worse Than the Bite?

(October 27, 2014) – The instant the POODLE vulnerability within SSLv3 [CVE-2014-3566] was identified, the SecurityScorecard R&D team moved to determine how much of the public Internet was affected by this potentially severe security exposure. In addition, to separate fact from fiction, we sought to determine how exploitable POODLE was and to assign it a true risk rating.

Fig 1.1 – Global Map of Servers vulnerable to POODLE

What is POODLE?

POODLE stands for Padded Oracle On Downgrade Legacy Attack [CVE-2014-3566]. It was first identified by researchers at Google, who compared the POODLE exploitation scenario to that of the 2011 BEAST SSL/TLS attack, with variations in the mathematical decryption methods used against the target encryption scheme.

As of this blog posting, several security pundits believe POODLE only impacts Local Area Networks [LANs], decrypting traffic during a local Man in the Middle [MITM] attack, and that the vulnerability is likely to affect small-scale networks only. However, SecurityScorecard research found the problem may be more widespread than initially thought. Figure 1.1, from PoodleMap.com, indicates more than 1,012,172 servers were detected as vulnerable, including those on military systems, government systems and large financial enterprise networks.

PoodleMap.com is a public website that shows the geographic distribution of POODLE-vulnerable servers. We urge you to search your own IP addresses to see if your network is affected.

How risky is POODLE?

SecurityScorecard research confirmed the PoodleMap.com findings. We identified that in excess of 1 million public IP addresses were vulnerable to a POODLE SSL attack. More importantly, we found that a greater risk lies in the potential for a Man-in-the-Middle [MITM] attack to be carried out at the ISP/carrier level. If an interception were to take place at that level, decryption of large segments of SSLv3 traffic would be possible.

Although difficult for a novice hacker, an organized group of experienced cybercriminals could successfully carry out a carrier interception, as could rogue government units and intelligence agencies the world over. SecurityScorecard believes this could lead to widespread data theft, loss of national secrets and loss of corporate intellectual property.

How can I defend my servers against POODLE?

A simple way to defend against the POODLE attack is to disable the use of SSLv3 and upgrade your instances of OpenSSL.
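As an added example (not from the original post and not SecurityScorecard's or PoodleMap.com's own tooling), the following Python script checks for the condition the map reports: it sends a ClientHello whose record and handshake version are SSL 3.0 and classifies the server's first reply, so that after you disable SSLv3 you can confirm the server now refuses it. The function names and the embedded sample responses are my own constructions; the probe itself only needs a host you administer and network access.

```python
import socket
import struct

SSL3_VERSION = 0x0300
# A few SSLv3-era cipher suites (RSA with 3DES, RC4, AES-CBC); an SSLv3 server accepts at least one.
SSL3_CIPHERS = [0x000A, 0x0005, 0x0004, 0x002F]


def build_ssl3_client_hello(ciphers=SSL3_CIPHERS):
    """Build a minimal ClientHello whose record and handshake version are both SSL 3.0."""
    cipher_bytes = b"".join(struct.pack("!H", c) for c in ciphers)
    body = (struct.pack("!H", SSL3_VERSION)
            + b"\x00" * 32                                   # client random (fixed; fine for a probe)
            + b"\x00"                                        # session id length 0
            + struct.pack("!H", len(cipher_bytes)) + cipher_bytes
            + b"\x01\x00")                                   # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # type 1 = ClientHello, 3-byte length
    return b"\x16" + struct.pack("!HH", SSL3_VERSION, len(handshake)) + handshake


def parse_server_response(data):
    """Classify the first record a server sends back to the SSLv3 ClientHello."""
    if len(data) < 5:
        return "malformed"
    content_type, _version, length = struct.unpack("!BHH", data[:5])
    payload = data[5:5 + length]
    if content_type == 0x15:                                 # Alert: the server refused SSLv3
        return "refused"
    if content_type == 0x16 and len(payload) >= 6 and payload[0] == 0x02:   # ServerHello
        server_version = struct.unpack("!H", payload[4:6])[0]
        return "ssl3_accepted" if server_version == SSL3_VERSION else "other_version"
    return "malformed"


def probe_ssl3(host, port=443, timeout=5.0):
    """Send the probe to a host you administer and classify its answer (needs network access)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_ssl3_client_hello())
        return parse_server_response(sock.recv(4096))


# Constructed sample responses for offline checks; not captured from any real host.
SAMPLE_SSL3_SERVER_HELLO = (b"\x16\x03\x00\x00\x2a"          # record: handshake, v3.0, 42 bytes
                            + b"\x02\x00\x00\x26\x03\x00"    # ServerHello, length 38, version 3.0
                            + b"\x00" * 32 + b"\x00" + b"\x00\x0a" + b"\x00")  # random, sid, suite, comp
SAMPLE_ALERT = b"\x15\x03\x01\x00\x02\x02\x46"              # alert: fatal protocol_version (70)
```

`probe_ssl3("your.host")` returning `"ssl3_accepted"` means the server still negotiates SSLv3 and the fix above has not taken effect; `"refused"` is the expected result once SSLv3 is disabled.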

References

Google whitepaper – https://www.openssl.org/~bodo/ssl-poodle.pdf

Glossary

Carrier – Telecommunications company
POODLE – Padded Oracle On Downgrade Legacy Attack used to attack SSLv3
SSL – Secure Socket Layer used for encrypting communications
TLS – Transport Layer Security was developed as a follow-up to SSL
MITM – Man In The Middle attack whereby a malicious actor intercepts traffic
ISP – Internet Service Provider
