SSL broken, again, in POODLE attack

From the researchers that brought you BEAST and CRIME comes another attack against Secure Sockets Layer (SSL), one of the protocols that's used to secure Internet traffic from eavesdroppers both government and criminal.

Calling the new attack POODLE—that's "Padding Oracle On Downgraded Legacy Encryption"—the attack allows a man-in-the-middle, such as a malicious Wi-Fi hotspot or a compromised ISP, to extract data from secure HTTP connections. This in turn could let that attacker do things such as access online banking or e-mail systems. The flaw was documented by Bodo Möller, Thai Duong, and Krzysztof Kotowicz, all of whom work at Google. Thai Duong, working with Juliano Rizzo, described the similar BEAST attack in 2011 and the CRIME attack in 2012.

The attack depends on the fact that most Web servers and Web browsers allow the use of the ancient SSL version 3 protocol to secure their communications. Although SSL has been superseded by Transport Layer Security, it's still widely supported on both servers and clients alike and is still required for compatibility with Internet Explorer 6. SSLv3, unlike TLS 1.0 or newer, omits validation of certain pieces of data that accompany each message. Attackers can use this weakness to decipher an individual byte and time of the encrypted data, and in so doing, extract the plain text of the message byte by byte.

As with previous attacks of this kind against SSL, the most vulnerable application is HTTP. An example attack scenario would work something like this. An adversary (typically in cryptography literature known as Mallory) sets up a malicious Wi-Fi hotspot. That Wi-Fi hotspot does two things. On non-secure HTTP connections, it injects a piece of JavaScript. And on secure HTTP connections, it intercepts the outgoing messages and reorganizes them.