Dog Training for Network Admins: Managing POODLE - CVE-2014-3566

CVE-2014-3566 relates to a flaw found in handling of padded bytes in SSL 3.0 when using CBC mode for the encryption[3]. The flaw may be exploited to permit a man-in-the-middle (MITM) attack. The attacker may be able to decrypt a selected byte of a cipher text in a limited number (256) of attempts, by repeatedly requesting the victim to send the same data over multiple SSLv3 connections.

The vulnerability exists in the protocol itself and not a specific implementation of the protocol e.g., OpenSSL, GnuTLS, etc. Thus, the mitigation is to stop using SSLv3 and to have TLSv1+ as the minimum.

[Read More]

Connecting to OpenVPN from a Mac using Tunnelblink

To connect to an OpenVPN server you need an appropriate OpenVPN client installed to establish the SSL link. For Apple Mac OS X systems, TunnelBlick (http://code.google.com/p/tunnelblick/) is a good graphical user interface. At the time of this blog the current latest stable version of TunnelBlick available was 3.2.7. These instructions were executed on an Apple iMac running Mac OS X 10.7.4. As with all other posts on this blog, the purpose of this post is not to provide a tutorial, but instead to documents the steps taken, for my own benefit.

[Read More]