
More on the POODLE security vulnerability


December 15, 2014


The latest development in a high-profile security hole potentially exposes British banks' website traffic to eavesdropping.

The POODLE (Padding Oracle On Downgraded Legacy Encryption) security flaw first surfaced in October of this year and was believed to affect only the obsolete but still widely used Secure Sockets Layer (SSL) 3.0 cryptographic protocol.

Researchers revealed last week that the POODLE security flaw also affects versions of TLS (Transport Layer Security).

"The impact of this issue is similar to that of POODLE, with the attack being slightly easier to execute-- no need to downgrade modern clients down to SSL 3 first, TLS 1.2 will do just fine," explained Ivan Ristic, director of engineering at security firm Qualys.

The main targets are browsers, because the attacker must inject malicious JavaScript to initiate the attack.

"A successful attack will use about 256 requests to uncover one cookie character, or only 4096 requests for a 16-character cookie. This makes the attack quite practical," he warned.

Qualys has developed a free scanning tool that lets website owners easily check their websites for cryptographic issues, including, but not limited to, POODLE.

A review of British banking websites using Qualys’s SSL/TLS scanning tool shows that many are vulnerable to POODLE, including RBS (max: TLSv1, min: SSLv3); OneAccount (max: TLSv1, min: SSLv3); HSBC (max: TLSv1, min: SSLv3); Halifax (max: TLSv1, min: SSLv3); NatWest (max: TLSv1, min: SSLv3); Cooperative Bank (only TLSv1); Barclays (max: TLSv1.2, min: SSLv3); Tesco Bank (max: TLSv1, min: SSLv3) and Santander (max: TLSv1.2, min: TLSv1).

"Security at nearly all major British banks is pretty abysmal," said security consultant Paul Moore.

"TLSv1 alone is fifteen years old and of the above, only Santander supports the strongest protocols. That gives you some insight into how antiquated our banking system really is," he added.

Furthermore, Qualys estimates that around ten percent of web servers are vulnerable to the POODLE attack against TLS.

An attacker might be able to exploit the POODLE security hole to decrypt the contents of an encrypted transmission, leaving passwords, login cookies and other sensitive data open to potential wiretapping.

Disabling SSL 3.0 support in web applications is recommended since there's no patch as such, as an advisory by U.S. CERT explains.
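
The following Python code is an added example, not part of the original article or of Qualys's tool. It parses the per-site protocol ranges quoted above and flags every site that still accepts SSL 3.0 or does not offer TLS 1.2; the one-result-per-line format, the function names and the two thresholds are assumptions.

```python
import re

# Protocol names as they appear in the scan results, oldest to newest.
ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]

# Constructed input: the per-site ranges quoted in the article, one per line.
SCAN_RESULTS = """\
RBS (max: TLSv1, min: SSLv3)
OneAccount (max: TLSv1, min: SSLv3)
HSBC (max: TLSv1, min: SSLv3)
Halifax (max: TLSv1, min: SSLv3)
NatWest (max: TLSv1, min: SSLv3)
Cooperative Bank (only TLSv1)
Barclays (max: TLSv1.2, min: SSLv3)
Tesco Bank (max: TLSv1, min: SSLv3)
Santander (max: TLSv1.2, min: TLSv1)
"""

# Assumed line format: "Site (max: X, min: Y)" or "Site (only X)".
ENTRY = re.compile(
    r"^(?P<site>.+?) \((?:max: (?P<max>[\w.]+), min: (?P<min>[\w.]+)"
    r"|only (?P<only>[\w.]+))\)$"
)

def parse(line):
    """Return (site, lowest, highest) protocol for one scan line."""
    m = ENTRY.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised scan line: {line!r}")
    lo, hi = m["only"] or m["min"], m["only"] or m["max"]
    for version in (lo, hi):
        if version not in ORDER:
            raise ValueError(f"unknown protocol {version!r} in {line!r}")
    return m["site"], lo, hi

def audit(text, floor="TLSv1", target="TLSv1.2"):
    """Map each site to its findings. Only offered versions are compared;
    this does not test a server for the TLS variant of POODLE."""
    findings = {}
    for line in filter(str.strip, text.splitlines()):
        site, lo, hi = parse(line)
        issues = []
        if ORDER.index(lo) < ORDER.index(floor):
            issues.append(f"accepts {lo}: disable it")
        if ORDER.index(hi) < ORDER.index(target):
            issues.append(f"no {target} support")
        findings[site] = issues
    return findings
```
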

The same internet security researchers who unearthed the POODLE vulnerability have, however, been able to develop a fix for TLS-based systems.

Source: Qualys Security.
