The Internet has been bitten by POODLE
October 16, 2014 2:25 PM   Subscribe

POODLE (Padding Oracle On Downgraded Legacy Encryption) is the latest exploit found in SSL, a protocol used widely across the Internet for secure connections. Engineers at Google discovered the exploit, and they have written a white paper discussing it. In response, Google is disabling SSL in all Google products. Some are calling this the death of SSL. For web users, disabling SSL in your browser is recommended. Here is a tool to identify if your browser is potentially affected by the POODLE exploit.
posted by deathpanels (97 comments total) 36 users marked this as a favorite
 
Well that's been coming a while. Welcome to TLS.
posted by Tell Me No Lies at 2:28 PM on October 16, 2014 [2 favorites]


what in the actual fuck
posted by boo_radley at 2:30 PM on October 16, 2014


Well that's been coming a while. Welcome to TLS.

This seems a little off the Times Literary Supplement's usual beat.
posted by yoink at 2:34 PM on October 16, 2014 [31 favorites]


This has turned what would ordinarily have been a quiet Thursday at work recovering from last nights birthday party to a neverending hell of trying to figure out what is at risk, how much, and what are we going to do about it.

Sometimes, I wish I could be like the security team at Home Depot and just not ever give a fuck.
posted by Pogo_Fuzzybutt at 2:34 PM on October 16, 2014 [14 favorites]


For web users, disabling SSL in your browser is recommended

How do you go about that?
posted by Iridic at 2:35 PM on October 16, 2014 [2 favorites]




Here are some instructions for the Big Three browsers.
posted by muddgirl at 2:37 PM on October 16, 2014 [6 favorites]


How do you go about that?

Try here for guides.
posted by howfar at 2:38 PM on October 16, 2014 [1 favorite]


Disabling SSL 3.0, right? Not all SSL?
posted by boo_radley at 2:38 PM on October 16, 2014 [4 favorites]


Google is working on disabling SSL 3.0.
SSL 3.0 is nearly 18 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue.
posted by lantius at 2:38 PM on October 16, 2014


Disabling SSL 3.0, right? Not all SSL?

Right. SSL 2.0 is still good and all of the TLS versions are fine.
posted by Tell Me No Lies at 2:40 PM on October 16, 2014 [1 favorite]


While google may be disabling this on all of their products, they aren't there yet.

From the google link above "In the coming months, we hope to remove support for SSL 3.0 completely from our client products."
posted by el io at 2:40 PM on October 16, 2014



what in the actual fuck

Disabling SSL 3.0, right? Not all SSL?


By my understanding, SSL has been pretty much superceded by TLS. To the point where SSL is not needed anymore. But, to avoid confusing non-security types, normally layfolks are still told that "SSL is what makes your connection secure." No need to mention the new TLA (three letter acronym).

So SSL going away is not going to leave any connections unsecured.
posted by sparklemotion at 2:40 PM on October 16, 2014 [4 favorites]


Between this and the PowerPoint exploit from a couple days ago, our IT department must be shitting themselves.
posted by backseatpilot at 2:41 PM on October 16, 2014


>>Disabling SSL 3.0, right? Not all SSL?
>
>Right. SSL 2.0 is still good and all of the TLS versions are fine.


(Oh, and SSL 1.0 is still fine although I challenge you to find a piece of software running it.)
posted by Tell Me No Lies at 2:41 PM on October 16, 2014


Once again, Microsoft holds everyone back. Outlook 2003 does not have TLS and requires SSL to connect to SMTP or IMAP over encryption.
posted by pashdown at 2:42 PM on October 16, 2014 [1 favorite]


Between POODLE and CVE-2014-4114 ("sandworm") I've had quite the shitty past few workdays.
posted by namewithoutwords at 2:43 PM on October 16, 2014 [2 favorites]


Are these getting more attention then they used to but not increasing in frequency, or is my suspicion correct that the Internet is currently in a state of massive permanent breakdown?
posted by codacorolla at 2:43 PM on October 16, 2014 [5 favorites]


#notallssl
posted by howfar at 2:44 PM on October 16, 2014 [27 favorites]


Outlook 2003 does not have TLS...

I think I see your problem right there.
posted by Kadin2048 at 2:46 PM on October 16, 2014 [23 favorites]


I suspect it's always been this bad. I remember that at one point the unbox-to-infection lifespan for WinXP was in the realm of minutes because of... crap, they all blend together now.

Given how security seems to be an afterthought in most commercial products and the growing ubiquity of computing devices in all parts of our lives, I really dread the day somebody figures out how to target implanted pacemakers and the like.
posted by fifteen schnitzengruben is my limit at 2:51 PM on October 16, 2014 [2 favorites]


Are these getting more attention then they used to but not increasing in frequency, or is my suspicion correct that the Internet is currently in a state of massive permanent breakdown?

I'd have to see your other examples to know. In terms of protocols: SSL 3.0 was released by Netscape in 1996. TLS 1.2 (the latest of the "SSL" technologies) was released in 2008. The fact that people are still using 3.0 at all is a testament to inertia more than anything else.
posted by Tell Me No Lies at 2:53 PM on October 16, 2014 [7 favorites]


My connection seemed to be a little slow today, especially to Google. Then I followed the instructions in howfar's link and now the browser is going like greased lighting. Could it be a coincidence?
posted by Kevin Street at 2:53 PM on October 16, 2014


all network security holes should have canine acronyms. i challenge metafilter to come up with something plausible that spells "schnauzer".
posted by bruce at 2:56 PM on October 16, 2014 [7 favorites]


Good month to be a blackhat.

For me, well, I picked the wrong month to stop sniffing glue.
posted by gwint at 3:00 PM on October 16, 2014 [10 favorites]


There's a branding problem here. After SSL 3.0 (1996), the next version of the protocol was renamed TLS (with 1.0, in 1999). Since then, there has been TLS 1.1 (2006) and 1.2 (2008). SSL 1.0 was never released. SSL 2.0 was released in 1995 but realized to be insecure, hence SSL 3.0.

For the most part, everyone should be using TLS, and should have switched a long, long time ago. Support was only kept to deal with old, buggy servers.
posted by Monday, stony Monday at 3:03 PM on October 16, 2014 [4 favorites]


Secure Connection Half-Node Attack Using Zone Error Reporting
posted by Tell Me No Lies at 3:04 PM on October 16, 2014 [35 favorites]


As someone who thinks of all web encryption as SSL, the wording of the post caused a bit of a freakout.
posted by ckape at 3:05 PM on October 16, 2014 [17 favorites]


SSL caching handler not accepting unhandled zero error reporting?

In reality this hasn't been a heartbleed type event, it's been a minor inconvenience at best - it has pretty much killed SSL3 though.
posted by BigCalm at 3:06 PM on October 16, 2014 [3 favorites]


Let's dance on its grave:

HURRAY!

*shakes hips*
posted by Monday, stony Monday at 3:07 PM on October 16, 2014 [1 favorite]


is ssl the same thing as HTTPS?
posted by rebent at 3:08 PM on October 16, 2014


"Death of SSL" when we've got people to think of https as equal to SSL (it's not, SSL is just the old protocol, since supplanted by TLS) is really bad terminology, even if it's technically accurate.

What's annoying is that I think IIS hides https protocols in settings that have to be changed at the registry level, so we'll have to make sure that SSL 3.0 is disabled on all our servers the hard way.
posted by graymouser at 3:11 PM on October 16, 2014 [3 favorites]


No, rebent, but it's what HTTPS was originally built on top of. It was superseded by better technology over the years, but (among other things) IE6 didn't have TLS on by default so people kept supporting it on their servers. Which meant clients kept supporting it. Which means your connection could be potentially tricked into falling back to it.
posted by introp at 3:13 PM on October 16, 2014 [1 favorite]


EBOLA: Electronic Bug Outage Lingual Accessory.
posted by oceanjesse at 3:16 PM on October 16, 2014 [2 favorites]


achievment unlocked!

the next level: you have formed an anti-schnauzer consulting firm, and you have a patch for this hole. can you go into a customer company's boardroom and discuss the merits of the anti-schnauzer patch without losing it?
posted by bruce at 3:24 PM on October 16, 2014


I think it's really great how Firefox and Chrome decided to remove the UI accessible setting for changing this because they think their users are too dumb to handle it
posted by junco at 3:25 PM on October 16, 2014 [10 favorites]


is ssl the same thing as HTTPS?

SSL is one mechanism for HTTPS. HTTPS is HTTP-Secure. The transport commonly used is TLS (Transaction Layer Security, IIRC,) which was a replacement for SSL (Secure Socket Layer.)

What this attack can do is, if they can inject code at one end, recover enough data to potentially allow the encryption to be broken and the data stream to be read. It's a real flaw, but it is in no way Heartbleed and I don't even think it's even ShellShock level. For ShellShock to be bad, you needed an externally facing service to call bash.

It leverages the socket layer negotiation to force the connection to SSLv3, even if TLS is available.

It's still a real hole. It can apparently be patched, but we've had SSLv3 on the "deprecated" list for years, so many are choosing to actually disable it rather than fix it.

The most notable browser that doesn't use TLS by default is IE6, which everyone thinks is dead but it isn't. IE6 supports TLS, you have to explicitly tell it to use TLS, and then tell it not to use SSLv3.

Safari is a current problem case, in that there's no obvious mechanism to disable SSLv3. It defaults to TLSv1.3, but part of the attack is to deliberately refuse TLS and offer SSL. I smell a patch coming (unless there's a command line switch I don't know about.)
posted by eriko at 3:26 PM on October 16, 2014 [4 favorites]


I think it's really great how Firefox and Chrome decided to remove the UI accessible setting for changing this because they think their users are too dumb to handle it

A lot of Firefox's settings are in about:config. I never thought it meant I was too dumb to handle them, just that they are settings that only need to be changed once in a lifetime, which has been true so far.
posted by muddgirl at 3:27 PM on October 16, 2014 [16 favorites]


I think it's really great how Firefox and Chrome decided to remove the UI accessible setting for changing this because they think their users are too dumb to handle it

In the case of Firefox, removing configuration UI entirely does seem like the natural progression of their constant UI changes.
posted by weston at 3:31 PM on October 16, 2014 [1 favorite]


I think it's really great how Firefox and Chrome decided to remove the UI accessible setting for changing this because they think their users are too dumb to handle it

The removed it because so many people had, in fact, set things to massively insecure settings.

When it comes to computers, users are dumb. I don't blame them for this -- smart guys wrote SSLv3 and yet it has a hole, and they haven't spent nearly as much time learning the nuts-and-bolts of transaction security that people in the business have. More importantly, THEY SHOULD NEVER NEED TO LEARN THAT.

I'm torn on this. I get the point that enabling good-chiper SSL/TLS and locking the control away in general makes things more secure, but not being able to disable SSLv3 right now leaves Safari vulnerable. But, I'll be honest, would I want to walk a bunch of users through disabling *just* SSLv3 and hope they didn't click something that disabled TLS as well? Hell. Fucking. No.

A lot of Firefox's settings are in about:config

SSL/TLS and what ciphers they had used to be in preferences. This was mainly because of the old export restrictions, so that's where we'd go to disable the 40 bit ciphers and enable the 128 bit ciphers, after being told it would be illegal to export Firefox if we did so.
posted by eriko at 3:31 PM on October 16, 2014 [8 favorites]


their users are too dumb to handle it

I agree
posted by oceanjesse at 3:33 PM on October 16, 2014 [4 favorites]


For me, POODLE has been a minor blip compared to Shellshock. So far.
posted by tommasz at 3:34 PM on October 16, 2014


Outlook 2003 does not have TLS...

I think I see your problem right there.


office for windows past 2003 is hellish fucking unusable garbage though
posted by poffin boffin at 3:36 PM on October 16, 2014 [3 favorites]


> I think it's really great how Firefox and Chrome decided to remove the UI accessible setting for changing this because they think their users are too dumb to handle it

Serious thanks for making that comment. I hate hate hate upgrading Firefox for all the obvious reasons, so when I tried modifying about:config to disable SSL it didn't work. Your comment made me 1) go look in Options, where I could disable it, but 2) feel even more anticipatory loathing of upgrading, which security problems like this point out that I really need to do.
posted by benito.strauss at 3:39 PM on October 16, 2014


So if you pin Chrome to the taskbar, you can't access shortcut properties... and you can't add the disable command thingy the executable either... so the only option is to launch it from the desktop or the Start menu. Oh well. I guess I'll have to settle for the security by obscurity principle.
posted by Pyrogenesis at 3:40 PM on October 16, 2014 [2 favorites]


Pyrogenesis, are you on Win7? I've got some programs in my taskbar where I can Shift+RightClick and get Properties. It doesn't work for all of them, though. And I can't exactly remember how I created them. Maybe drag the .exe to the task bar instead of clicking "Pin". Or maybe creating a short cut in a folder, then dragging that to the taskbar ... Sorry I can't give you reliable details, but I have done it in the past.
posted by benito.strauss at 3:45 PM on October 16, 2014


There's no good way to disable this on the most recent OS/X, Mavericks, Chrome.

If you're geeky, you can start your Chrome - except that when your machine restarts, it'll restart the original version. Lame!
posted by lupus_yonderboy at 3:52 PM on October 16, 2014


Found it. First right click the pinned app and then once again right-click the smaller app icon, above the close window and pin/unpin icons.
posted by Pyrogenesis at 3:53 PM on October 16, 2014 [5 favorites]


Pyrogenesis, I unpinned Chrome, searched for it in the Start menu, then right clicked the shortcut in the menu to get Properties and changed it as described above

For some reason, this gave me TWO Chrome shortcuts when I searched the menu again (one with the fix and one without), but I deleted the bad one and pinned the good one. I tested it after launching from the taskbar and it was fine.

OTOH, Chrome on the Mac can be protected only if you create an application in Automator. Sheesh.
posted by maudlin at 3:53 PM on October 16, 2014


Pyrogenesis, I unpinned Chrome, searched for it in the Start menu, then right clicked the shortcut in the menu to get Properties and changed it as described above

That's what I did, except for the part about unpinning Chrome. Seemed to work.
posted by Kevin Street at 4:01 PM on October 16, 2014


It's pretty hilarious that there's no real solution to this on OSX that's like, a real solution. Chrome needs the automator thing, and safari is just fucked. Is there anything for firefox?

I've got some programs in my taskbar where I can Shift+RightClick and get Properties. It doesn't work for all of them, though.

Doesn't work for chrome on my win7 workstation.

lmao.



All that said, i'm fairly annoyed at the iOS-ification of everything. Users don't need that button 99% of the time? Let's just can it! What the hell happened to the "advanced settings" menu, or button within the main options/config popups that nearly every application used to have?

Also, has anyone even discussed or explored how you're supposed to do with this at all on mobile browsers? Is there anything at all to be done on iOS? what about android? What about android versions predating the inclusion of chrome? what about stuff like samsung phones that ship with their own tweaked browser that basically everyone who buys one uses by default?
posted by emptythought at 4:01 PM on October 16, 2014 [8 favorites]


I found this page useful for making changes to browsers:

https://zmap.io/sslv3/browsers.html
posted by terrapin at 4:09 PM on October 16, 2014 [4 favorites]


Worse still, TLS (the successor to SSL) is pretty weak as well, up until at least Verison 1.2 of the spec (which was "only" introduced in 2008).

The SHA-1 cypher used in earlier versions is dangerously weak, and nobody seems to care, as more than 90% of secure sites on the net still default to (the significantly less secure) TLS 1.1 or earlier.

If there's one clear takeaway here, it's that graceful (and transparent) degradation needs to die in a fire when it comes to security. If a browser is using a crypto algorithm that's known to be weaker than the current state of the art, users need to see giant red flags.
posted by schmod at 4:20 PM on October 16, 2014 [6 favorites]


their users are too dumb to handle it

Pragmatism.
posted by dhartung at 4:22 PM on October 16, 2014


All that said, i'm fairly annoyed at the iOS-ification of everything. Users don't need that button 99% of the time? Let's just can it! What the hell happened to the "advanced settings" menu, or button within the main options/config popups that nearly every application used to have?

Users got the impression that everything they can access should be both tested and supported. It's been downhill since then.
posted by Tell Me No Lies at 4:31 PM on October 16, 2014 [4 favorites]


The weird thing about all of the exploits and hacks and leaked data over the past few years is that the amount of people affected is so increasingly immense that--even though obviously I understand my personal risks are real--I feel weirdly safe, if only because if the tens of millions of people affected is such a huge target that even if, say, an astounding 100,000 people were hacked, that puts my odds at being a victim at what? 1%?

You should probably consider this more an exercise in making myself feel better than a sober recounting of actual odds. But still.
posted by DirtyOldTown at 4:32 PM on October 16, 2014


The silver lining here is that IE 6 has no support for TSL and never will. So this might be what finally kills off IE6.
posted by deathpanels at 4:33 PM on October 16, 2014 [2 favorites]


Nitpick: IE6 supports TLS 1.0, it's just turned off by default and requires user intervention to activate. Why MS never shipped an auto update that enabled it is a long and tortured story.
posted by introp at 4:36 PM on October 16, 2014 [2 favorites]


Between POODLE and CVE-2014-4114 ("sandworm") I've had quite the shitty past few workdays.

I expect more urgent RFC's down the pipe to close yet more of these kinds of issues. Sorta-long-term exploitable stuff in the infrastructure... Better late than never, I guess.
posted by mikelieman at 4:37 PM on October 16, 2014


Unfortunately Chrome OS requires switching over to dev mode (pain in the butt) to fix it yourself. I'll just wait for the distributed patch...
posted by jim in austin at 4:40 PM on October 16, 2014


This is also a slightly less scary bug than it sounds because to exploit it you need to be able to man-in-the-middle the connection to force the downgrade and then make a shitton of requests to walk the cookie across the block boundary in the encryption. If your home network is something approaching secure (i.e. your wifi isn't open to the world) it's pretty difficult to make this one stick (I think). Likewise it's not super scary for non-http connections (*cough* smtp *cough) where you can't just get the client to run javascript to make those shitton of requests. It's end-of-the-line if you're in a starbucks or something though.

Exploits like this make me really glad the http portions of my job are cosmetic so I can just force TLSv1+ on the webservers. If you're browsing us on a 1990s feature phone or IE6 you can upgrade or not read our blog, no skin off my back. It's shameful that TLSv1.2 isn't default for everything and that we started again with TLS 1.0 instead of calling it SSL 4.0 (higher numbers are better, rite guize?)

Edit: I forgot to include ImperialViolet's nice visual explanation of the crytpo behind this flaw.
posted by Skorgu at 4:45 PM on October 16, 2014 [2 favorites]


You staunched
HEARTBLEED
You sheltered yourself from
SHELLSHOCK
But are you ready for the epic wrath of
POODLE?

Seems like some people need to work on their PR. Pro tip: try to sound more menacing than the next Ubuntu release.
posted by uosuaq at 5:09 PM on October 16, 2014 [15 favorites]


It's times like this that I wish Frank Zappa's music was a generally-known part of mainstream American culture, just so I could make a well-timed reference to "The POODLE bites, the POODLE chews" and not have people stare at me in total incomprehension.
posted by Strange Interlude at 5:12 PM on October 16, 2014 [5 favorites]


(I would of course follow up that joke with "Not a speck of serial", and have to leave the room due to severe awkwardness.)
posted by Strange Interlude at 5:14 PM on October 16, 2014 [2 favorites]


Win 7 people: Right-click the icon in the taskbar to bring up the menu, then right-click again on the program's icon inside that menu (the one right above Unpin). That'll let you change the Properties right there.
posted by wanderingmind at 5:16 PM on October 16, 2014 [1 favorite]


I wanna play with your POODLE...
posted by BungaDunga at 5:19 PM on October 16, 2014


I feel weirdly safe, if only because if the tens of millions of people affected is such a huge target that even if, say, an astounding 100,000 people were hacked, that puts my odds at being a victim at what? 1%?

Yeah, obtaining access to data and systems has become largely automated but exploitation is still done on a case by case basis. I'm hoping that support systems for things like Bitcoin or Apple Pay will allow us to start stealing from millions of people at a time as well.
posted by Tell Me No Lies at 5:21 PM on October 16, 2014


Guess I'll be using OSX Firefox for the foreseeable future.
I can't believe the hoops you have to jump through to change OSX Chrome.
Like I even know what Automator is.
posted by John Kennedy Toole Box at 5:28 PM on October 16, 2014


The arrival of poodles in the court of Louis XVI presaged his doom. Just sayin'.

PS: Quiche Lorraine.
posted by Sys Rq at 5:39 PM on October 16, 2014 [1 favorite]


> OTOH, Chrome on the Mac can be protected only if you create an application in Automator. Sheesh.

Less onerous than it sounds. It's not really an application you're creating, it's just a macro pointing to a one-liner shell script that says, "Open Chrome with these particular flags enabled." The macro is a little icon on your desktop, which you can then copy to the Dock, launch from Spotlight, whatever.

Hypothetically you could make one and then circulate it among all your Mac-using friends, since everybody's copy of Chrome will presumably be in /Applications/Google\ Chrome.app. But that of course is a risk to them (since they should not implicitly trust what you email them), so it's better for your friends to make their own macro-applets.

I had to do this last year when working on a project which required Chrome to be less secure. (The project itself was intended to be pretty highly secure. But us devs were running the server-side stuff in local sandboxes with bogus credentials, so to keep the browser from saying, "WHERE'S YOUR LEAVE PASS, SOLDIER" at the server and preventing data from loading, we doped the browser into complacency with --disable-web-security.)
posted by ardgedee at 5:41 PM on October 16, 2014


Not to partronize Office 2003 fans, as I thought it was the platonic ideal until around 2009.

Office 2007 and 2010 are absolutely usable IMO, that was hugely blown up at my company of 200 to be a scary leap to 2007 and the main complainers were IT people. Including me initially, but the other 200 just had a quick cheat sheet and admittedly aren't all using many of the features; it makes formatting, data access, and print layouts way faster by mouse. By keyboard most old shortcuts and menu path shortcuts work. I promise it gets better. Get ribbon hero! It's an achievement system. Lol.

Took getting used to for sure but the most common stuff is right there and the rest you can add or use (most of) the 2003 shortcut key combos including pull downs. 2013 is washed out professional white hell but using an 11 year old Microsoft product of any kind is sketchy.
posted by aydeejones at 5:43 PM on October 16, 2014 [1 favorite]


So, as someone who "knows a thing or two about computers" but is not diligent, I assumed SSL was more secure than TLS years ago, and left it at that. I am average. Was this by design? Tinfoil jokes or whatever, sure, but the ambiguity in acronyms tripped me up.
posted by casual observer at 5:44 PM on October 16, 2014


So...

I really hate to say this, but only Internet Explorer 7 and on and Opera Browser version 12.XX and the SeaMonkey Project allow for a graceful means of mitigation of this latest cryptographic cipher vulnerability. Firefox gets a pass for the "about:config" settings infrastructure that has been there since the very beginning... since the Mozilla Application Suite. Forcing TLS for Thunderbird was handled much the same.

How the times do fly.

The latest Opera Beta v25 and Chromium 37 leave me somewhat disappointed. Advanced configuration options had been available in previous builds of Chromium, but they have been tucked away from view of the User.

Don't even get me started on SSL/TLS support for Konqueror 4.11.5...
posted by PROD_TPSL at 6:01 PM on October 16, 2014


So, I went into Firefox's config settings and made the 0 to 1 change as instructed. Now, though, I'm seeing comments pop-up in other forums that TLS 1 is also vulnerable, and the correct setting in Firefox should be 2. Can anyone please shed some light on this?
posted by Thorzdad at 6:47 PM on October 16, 2014


TLS 1.0 is not, as far as I've read, vulnerable to this particular attack. It is, however, vulnerable to other attacks, e.g. BEAST, which were solved in later revisions of TLS. Again, though, TLS 1.0 is better than SSL 3.0 in virtually every way. It was designed as the successor to SSL, so covered all the issues in SSL that were known at the time. And you're not forcing Firefox to use TLS 1.0, you're just telling it to go no lower than TLS 1.0 (i.e., don't fall back to SSL); it will try the most secure variant it thinks it can, and fall back only when that fails. This attack relies on stomping all over your client TLS negotiation with the server, causing your client to think "oh, the server may not support TLS, let me fall back to SSL 3," and now the attacker has a vulnerable protocol to attack.

In terms of security, TLS 1.2 > TLS 1.1 > TLS 1.0 > SSL 3.0. In terms of compatibility with most things out there, the order is reversed. So you could force your Firefox to never fall below TLS 1.1 or 1.2, sure, but the likelihood of running into sites that can't talk any higher than TLS 1.0 may make it too costly for you. Caveat emptor.

(And this is what was meant above when talking about users modifying the old Firefox security settings through the Preferences/Settings UI: it used to be really really really easy to get this wrong and break your browser or silently make it very insecure. The day POODLE was announced, Mozilla released a trivial plugin that shuts off SSL 3 and has a settings UI. Sadly, it doesn't work on Firefox Mobile, or at least it didn't when I checked on day one.)
posted by introp at 7:52 PM on October 16, 2014 [6 favorites]


A lot of Firefox's settings are in about:config.

And if you've never typed "about:config" in Mozilla, you've probably never typed "about:mozilla" either, and taken that stroll down memory lane...
posted by Walleye at 8:19 PM on October 16, 2014


I assumed SSL was more secure than TLS years ago, and left it at that. I am average. Was this by design? Tinfoil jokes or whatever, sure, but the ambiguity in acronyms tripped me up.

In a nutshell:

When the web began everything was being done using HTTP directly over TCP. Any security you got was at the network-wide level.

In the mid-1990s there was a bit of a free-for-all on how to standardize on end to end secure browsing. The winning entry was the Secure Socket Layer, a library named and provided by Netscape. Unfortunately Netscape was better at naming than they were at network security -- SSL 1.0 never shipped, SSL 2.0 was quickly shown to be broken, and SSL 3.0 has always been considered a bit dodgy.

However the basic approach of doing security at the transport socket layer was agreed to be a good one, so when the IETF got down to producing a secure HTTP spec they kept the general scheme intact and replaced Netscape's SSL libraries with their own TLS libraries.

Basically it's fair to say that the concept of SSL had been at times implemented by two different libraries, one named SSL and one named TLS. And hopefully after today we can put the SSL libraries to be for good.
posted by Tell Me No Lies at 8:44 PM on October 16, 2014 [2 favorites]


Are these getting more attention then they used to but not increasing in frequency, or is my suspicion correct that the Internet is currently in a state of massive permanent breakdown?

The Internet, in a very real sense, has never not been in a state of massive permanent breakdown.
posted by pmb at 9:00 PM on October 16, 2014 [3 favorites]


The Internet, in a very real sense, has never not been in a state of massive permanent breakdown.

To which aspect are you referring? There's usually some part of the infrastructure groaning and moaning but in general it seems to have been ridiculously stable. (Although maybe I just feel that way because I know what it could have been like.)
posted by Tell Me No Lies at 9:45 PM on October 16, 2014 [1 favorite]


So it's been routing around itself? How ourobouros.
posted by benito.strauss at 9:58 PM on October 16, 2014


Fix for Safari users from apple.com discussion forum:

"Apple posted the following updates that include a fix for the SSLv3 "Poodle" issue:

Yosemite 10.10
Security Update 2014-005 Mavericks
Security Update 2014-005 Mountain Lion
as well as updates for all currently supported Servers (4.0, 3.2.2, 2.2.5)

All of them contain the following:

Secure Transport
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling CBC cipher suites
when TLS connection attempts fail.
CVE-ID
CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of
Google Security Team

It would appear that your browsers will show "maybe vulnerable" on the poodletest site, so my guess is that OS X will prevent all apps from using SSLv3 even if they would otherwise be capable of doing so. This will protect other apps, such as e-mail clients that are also normally able to use SSLv3."
posted by bionic.junkie at 10:07 PM on October 16, 2014 [5 favorites]


It would appear that your browsers will show "maybe vulnerable" on the poodletest site, so my guess is that OS X will prevent all apps from using SSLv3 even if they would otherwise be capable of doing so.

It would surprise me very much if the software architecture of third party browsers was such that the platform could reliably intervene in a transaction of this nature, and I don't see Mozilla deferring to the platform API for something that critical. This almost certainly only applies to Safari and other native apps. You'll still want to apply the above-linked fixes to any non-Apple browser that you use.
posted by George_Spiggott at 11:07 PM on October 16, 2014 [1 favorite]


Okay, i've gone and made the changes recommended on the links here to secure things, but i'm still getting the 'Your user agent is vulnerable. You should disable SSL 3' message when I restart my browser and go check.

Has something changed since these were all posted? I've triple-checked to make sure it was all entered right, gave administrator permission (though a few of the times i've done it, no administrator permission box has popped up), restarted the browser afterwards, etc - am I missing something?

(I'm on Windows 7, the latest Chrome update.)
posted by pseudonymph at 2:55 AM on October 17, 2014


Scratch that! A little googling told me that this was my issue. Excerpted for anyone else having that issue:

The fix has been tested, I have it on all the workstations here and did in fact run into one that was not working. It was simply because the Google Chrome process was still running even after closing all browser windows.

After killing the process and then testing it again, the SSL3 checker https://zmap.io/sslv3/ showed it was good to go. So: Make sure that ALL instances of Google Chrome are closed and that there is no rogue processes in Task Manager.

posted by pseudonymph at 3:03 AM on October 17, 2014


Via links kindly posted here, me and my Firefox went to Mozilla's POODLE Page and got that SSL Version Control Add-on Mozilla offers. Here's the direct link: https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/

I came back here and read further in the thread and finally learned how to get to that about:config you'd all been talking about, by typing same in the address field. Lucky I don't need to go there 'cos I got the Add-on right here. Just as well, it wants me to promise I'll be careful and I don't like making promises I'm not sure I can keep.

Thanks heaps for the heads-up on this bad dog, OP and others. Much obliged.
posted by valetta at 4:34 AM on October 17, 2014


"Apple posted the following updates that include a fix for the SSLv3 "Poodle" issue:
Yay!

Yosemite 10.10
Security Update 2014-005 Mavericks
Security Update 2014-005 Mountain Lion

Crap.

So, users of Safari on anything older than 10.8 are SOL, apparently. Guess I'll stick with Firefox.
posted by Thorzdad at 5:10 AM on October 17, 2014


The day POODLE was announced, Mozilla released a trivial plugin that shuts off SSL 3 and has a settings UI. Sadly, it doesn't work on Firefox Mobile, or at least it didn't when I checked on day one.

Just as a data point, it worked on Firefox Mobile (v25.0.1) for me last night. Thanks, introp, and everyone else for the the links & advice!
posted by gimli at 5:12 AM on October 17, 2014


There's usually some part of the infrastructure groaning and moaning but in general it seems to have been ridiculously stable.

I think that our increased reliance on the Internet has made it seem less stable even though, in general, overall stability has actually been increasing.

There were some huge exploits and significant outages back in the late 90s and early 2000s, but fewer people noticed them than would if they happened today.

Here's a list of biggest Internet (and in some cases pre-Internet) outages. The article was written in 2008, but a lot of the biggest ones were old even then. AOL's full-day outage in '96 would be like Google going dark today, in terms of AOL's position as a frontend to the Internet for many users. The longest I think Google has ever gone out was a few hours, and that was just Gmail. Netcom — a huge nationwide dialup ISP, comparable perhaps to Comcast — also had a full-day outage that same year.

In late 2004, a really stupid move by a major Turkish ISP (PDF) basically took down large chunks of the Internet and required a huge scramble by core operators to reset everything. I think that in terms of Internet history, it represents the end of a sort of collegial 'Bretton Woods era' of core routing, where major backbone systems' routers tended to implicitly trust other systems' route advertisements. There were a few other similar occurrences to hammer home the lesson (Pakistan and China made everyone realize, I think, that the era of nerdly solidarity and everyone playing for the same team and towards the same ends were over).

On the security side, and also from about the same period, the WMF vulnerabilities of 2005-06 are certainly worse than anything being discussed today. For almost a week, basically every Windows system on the planet was exposed to drive-by remote code execution if they went to the wrong website. Oops. (It somewhat luckily all exploded over the Christmas holiday that year, so a lot of people were away from their computers and that probably minimized the impact.)

There will always be a tendency to believe that whatever is going on today is The Worstest Thing Ever, but I think that the nadir of Internet stability and security will probably be found somewhere in the mid-200Xs, as a combination of poor desktop-OS security coupled with explosive growth in always-on Internet connections, and a rough transition at the core network operations layers from an informal collegium to a more systematic management structure.
posted by Kadin2048 at 9:31 AM on October 17, 2014 [2 favorites]


So, users of Safari on anything older than 10.8 are SOL, apparently. Guess I'll stick with Firefox.

Weird since Lion has been receiving security updates as recently as the bash update a few weeks back. This seems to be the first security update it is excluded from Lion. Perhaps the Yosemite release yesterday marks the date they have chosen to drop support for Lion. If Apple announced end of support dates it would be so much better than having to read the tea leaves, but it looks like that is what we have to assume as the SSL test page shows Lion is indeed vulnerable.
posted by ridogi at 9:32 AM on October 17, 2014


A Chrome upgrade just hit for me, and it seemed reasonable to hope that this would address the vulnerability, but nope. Guess that's not for OS X users.

So, users of Safari on anything older than 10.8 are SOL, apparently.

Kindof expected, and at least Desktop users have options.

What I'm worried about as an iPhone 3gs user is whether or not Apple plans to abandon anyone still using devices on iOS 6 or below.

One of the things that I think is becoming increasingly clear about personal computing is that we don't know how to reach a stable point where devices are good for decades. This has been true in a utility sense for a while (I've got audio gear that's over 20 years old -- heck, my CZ-1 is almost 30 -- and still does what it was made to do just fine, but there's not much in the way of audio software I was using 10 years ago that I can use now), but the security issues may turn out to mean that it's simply impossible to have acceptably functional untended software.
posted by weston at 9:47 AM on October 17, 2014


ridogi: Weird since Lion has been receiving security updates as recently as the bash update a few weeks back. This seems to be the first security update it is excluded from Lion. Perhaps the Yosemite release yesterday marks the date they have chosen to drop support for Lion.

Apple seems to an unwritten rule about supporting the last three iterations of OS X. I guess it was a lucky coincidence that this bug happened to fall right after they released OS X 10.10 Yosemite. Maybe in the near future there will be an updated version of Safari available in the app store that addresses POODLE.

I'm also surprised that this isn't being pushed as a notification update through the app store. I've had to point people to the link after I tried to have them check for updates first.
posted by bionic.junkie at 10:11 AM on October 17, 2014


I'm also surprised that this isn't being pushed as a notification update through the app store.
It is being pushed, but they don't send it to everyone at once, they will get in within the next day or two.
posted by Lanark at 10:59 AM on October 17, 2014


Well SSL is proving to be too vulnerable considering these exploits have been in such a short amount of time. I wonder how will the websites that we daily use will guarantee the safety of our accounts.
posted by denisehilton at 1:14 PM on October 17, 2014


In case anyone is still reading, and wants to know why system administrators want a bounty placed on the head of "black hat" hackers, go fill your drink and empty your bladder and settle in to read "ffs ssl" In Which A Sysadmin Discovers Poodle, Learns About Certificates, And Tries Very Hard To Secure His Web Site Without Losing His Damn Mind.
posted by wenestvedt at 1:38 PM on October 17, 2014


I may be blind today. If anyone posted the easy Firefox fix I failed to see it. Their plug-in solution for versions < 34 can be found here. Starting with Firefox ver. 34 the SSL stuff will be disabled by default.
posted by Ignorantsavage at 8:11 PM on October 17, 2014


I may be blind today. If anyone posted the easy Firefox fix I failed to see it.
It's in this link and then scroll down to Firefox
posted by Lanark at 5:43 AM on October 18, 2014


I've got audio gear that's over 20 years old.

20 years ago, the web was just becoming a thing among the general population (Version 1.0 NCSA Mosaic for X 2.0 was released on November 11, 1993.).

The current state of personal computing (let alone mobile computing) was simply not technically possible 20 years ago.

Information technology is fundamentally different than other forms of electronic technology and the obsolescence of software and hardware is one of its ineluctable characteristics.
posted by mistersquid at 8:51 AM on October 18, 2014 [1 favorite]


« Older In which the host cannot pronounce his own name or...   |   The Correct Word Newer »


This thread has been archived and is closed to new comments