In just the last few years, there has been a proliferation of different Secure Sockets Layer (SSL) attacks. With names like Heartbleed, POODLE and Shellshock, they are easy to remember, but does your enterprise security team know which ones pose the highest risk to the enterprise and what it can do to mitigate them? This video covers the timeline of the latest SSL vulnerabilities and how your organization can best secure itself against SSL attacks.
Rob Shapland, a senior penetration tester specializing in web application technology at First Base Technologies, explains how SSL attacks like Lucky 13, RC4 Cipher, Heartbleed, POODLE, Shellshock and FREAK work.
Shapland starts with an older example -- the Lucky 13 SSL attack, discovered in 2013. It can decrypt encrypted SSL communications and read session cookies. Carried out as a man-in-the-middle attack, for example over a public hotspot connection, it targets cipher block chaining (CBC)-mode ciphers in Transport Layer Security (TLS). This SSL vulnerability has been patched in most products. Shapland advises disabling support for CBC-mode ciphers, which leaves attackers unable to carry out Lucky 13 SSL attacks at all.
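To turn that advice into something you can verify, the following added example (not code from the video or from First Base Technologies) uses Python's standard `ssl` module to build a server context restricted to AEAD suites (AES-GCM and ChaCha20-Poly1305) and then lists whichever offered suites are still CBC-mode, so a deployment can check that no Lucky 13 target remains. The `LEGACY_CIPHERS` string is a constructed stand-in for the permissive lists older deployments ship; the cipher-list keywords themselves are standard OpenSSL syntax.

```python
import ssl

# Added example (not from the video or from First Base Technologies): inspect
# which cipher suites a TLS server context would offer, and build one that
# leaves out the CBC-mode suites Lucky 13 depends on.

# OpenSSL cipher-list string that permits only AEAD suites (AES-GCM and
# ChaCha20-Poly1305) with forward-secret key exchange. No CBC suite matches it.
AEAD_ONLY_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20"

# A permissive list of the kind older deployments still ship (constructed for
# this example): it mixes AEAD suites with CBC-mode AES suites.
LEGACY_CIPHERS = "ECDHE+AESGCM:ECDHE+AES:DHE+AES"


def server_context(cipher_list):
    """Build a server-side TLS context restricted to the given cipher list."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_list)
    return ctx


def cbc_suites(ctx):
    """Return the names of offered suites that are not AEAD, i.e. the CBC-mode
    (MAC-then-encrypt) suites that padding-oracle attacks such as Lucky 13
    target. TLS 1.3 suites are always AEAD and therefore never appear here."""
    return [c["name"] for c in ctx.get_ciphers() if not c["aead"]]


def hardened_context():
    """Context offering only AEAD suites: nothing for Lucky 13 to attack."""
    return server_context(AEAD_ONLY_CIPHERS)


def legacy_context():
    """Context with the permissive list, kept here only to show the contrast."""
    return server_context(LEGACY_CIPHERS)


if __name__ == "__main__":
    for label, ctx in (("legacy", legacy_context()), ("hardened", hardened_context())):
        remaining = cbc_suites(ctx) or "none"
        print(f"{label}: {len(ctx.get_ciphers())} suites offered, CBC-mode: {remaining}")
```

Run it against the cipher string your own server actually uses (pass it to `server_context`) rather than the constructed `LEGACY_CIPHERS`; an empty result from `cbc_suites` is the condition Shapland's advice asks for.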
One of the better-known SSL vulnerabilities is Heartbleed. "At the time, we all thought that it was going to break the internet," says Shapland. It eventually proved to have less impact than expected, but it still carries some risk. Shapland explains how attackers can exploit the TLS Heartbeat request, which causes the server to leak more information than was requested. This vulnerability is easily fixed by upgrading the version of OpenSSL and patching products that integrate OpenSSL.
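The leak Shapland describes comes down to one missing bounds check: the server trusted the payload length a heartbeat request claimed instead of comparing it with the bytes the record actually carried. The added example below (not code from the video and not OpenSSL's own) is a parser for the heartbeat message body defined in RFC 6520 that applies that check, so a request claiming more payload than it carries is discarded rather than answered. The helper names and the sample records are constructed for this example.

```python
import struct

# Added example, not the video's or OpenSSL's own code: parse a TLS heartbeat
# message body (RFC 6520) with the bounds check the vulnerable releases lacked.
# Message body layout: type (1 byte) | payload_length (2 bytes, big-endian) |
# payload | padding (at least 16 bytes).

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
HEADER_LEN = 1 + 2      # type byte + 16-bit payload length
MIN_PADDING = 16        # RFC 6520 requires at least 16 bytes of padding


class HeartbeatError(ValueError):
    """Raised for any heartbeat body that must be silently discarded."""


def parse_heartbeat(record):
    """Return (type, payload) for a heartbeat body, or raise HeartbeatError.

    The claimed payload_length is honoured only if the record really holds
    header + payload + minimum padding. The unpatched code skipped this
    comparison and copied payload_length bytes from wherever the request ended,
    which is exactly the over-read Heartbleed exploited."""
    if len(record) < HEADER_LEN + MIN_PADDING:
        raise HeartbeatError("record too short for a heartbeat message")
    hb_type, payload_len = struct.unpack("!BH", record[:HEADER_LEN])
    if hb_type not in (HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE):
        raise HeartbeatError(f"unknown heartbeat type {hb_type}")
    if HEADER_LEN + payload_len + MIN_PADDING > len(record):
        raise HeartbeatError(
            f"claimed payload of {payload_len} bytes exceeds record of {len(record)} bytes")
    payload = record[HEADER_LEN:HEADER_LEN + payload_len]
    return hb_type, payload


def build_heartbeat(hb_type, payload, claimed_len=None, padding=b"\x00" * MIN_PADDING):
    """Encode a heartbeat body. claimed_len exists so a test can construct a
    malformed body whose length field disagrees with its contents."""
    length = len(payload) if claimed_len is None else claimed_len
    return struct.pack("!BH", hb_type, length) + payload + padding


def is_well_formed(record):
    """True if the body passes the bounds check, False if it would be dropped."""
    try:
        parse_heartbeat(record)
        return True
    except HeartbeatError:
        return False


def heartbeat_response(request):
    """Answer a well-formed request by echoing its payload, as RFC 6520 requires.
    Only the validated payload bytes are echoed, never anything beyond them."""
    hb_type, payload = parse_heartbeat(request)
    if hb_type != HEARTBEAT_REQUEST:
        raise HeartbeatError("not a heartbeat request")
    return build_heartbeat(HEARTBEAT_RESPONSE, payload)


if __name__ == "__main__":
    # Constructed sample bodies: one honest, one whose length field lies.
    honest = build_heartbeat(HEARTBEAT_REQUEST, b"ping")
    lying = build_heartbeat(HEARTBEAT_REQUEST, b"ping", claimed_len=65535)
    print("honest request accepted:", is_well_formed(honest))
    print("oversized claim accepted:", is_well_formed(lying))
```

The whole fix is the single comparison against `len(record)`; the response builder then echoes only the validated slice, so even a malformed request cannot cause the responder to read past the bytes it received.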
Watch this video to learn more about these SSL vulnerabilities, the progression of recent SSL attacks and how your organization can defend against them.