Tuesday, December 9, 2014

SSLv3: Kaspersky software undermines protection against the Poodle vulnerability – Golem.de




http://www.golem.de/news/sslv3-kaspersky-software-hebelt-schutz-vor-poodle-luecke-aus-1412-111046.html Published: 09/12/2014 11:22




The Kaspersky Internet Security package can re-enable the obsolete protocol even for browsers that do not support insecure connections via SSLv3. The manufacturer intends to patch this in 2015, but there is already a simple solution.

Even if a browser such as the current Firefox 34 or the upcoming version 40 of Chrome no longer uses SSLv3, such a connection can still be established. This was reported by Heise Online after a reader brought it to the editors' attention. Its staff were able to reproduce the problem, which stems from the way Kaspersky Internet Security works.

The program works like a man-in-the-middle: if the "Investigate secure connections" option is activated in the Kaspersky software, the browser no longer communicates directly with a server but with the supposed protection program. That program itself establishes an SSLv3 connection, even if this protocol is disabled in the browser.

This is problematic because the connection is then exposed to the Poodle vulnerability. A supposedly encrypted SSL connection is vulnerable to Poodle, which is why browser makers are removing the outdated SSLv3 from their programs. The Kaspersky software now needlessly adds this function back.

The Russian anti-virus vendor confirmed the problem to Heise Online and intends to patch the product, but only in the first quarter of 2015. Kaspersky's support forum even states that a computer is only vulnerable to Poodle if it has already been compromised, and that the Kaspersky program would intercept a man-in-the-middle attack anyway, a weak promise of security.

Anyone who wants to keep using Kaspersky Internet Security until a patch arrives should switch off the "Investigate secure connections" option for the time being and prohibit SSLv3 connections in their browser. (Never)
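To confirm which protocol version an intercepting product actually uses toward a server, read the version field of the hello messages in a packet capture taken on the server side of the proxy. The following Python is an added example, not part of the Golem.de article or of Kaspersky's software; the function names and the sample records are constructed for illustration.

```python
import struct

NAMES = {(3, 0): "SSLv3", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
HELLOS = {1: "ClientHello", 2: "ServerHello"}


def parse_hello(record: bytes):
    """Return (message name, (major, minor)) from a record carrying a hello.

    Record header: type(1) version(2) length(2).
    Handshake header: msg_type(1) length(3); the body starts with version(2).
    """
    if len(record) < 11:
        raise ValueError("too short to hold a hello message")
    content_type, _, _, rec_len = struct.unpack("!BBBH", record[:5])
    if content_type != 22:  # 22 = handshake
        raise ValueError("not a handshake record")
    if rec_len > len(record) - 5:
        raise ValueError("truncated record")
    if record[5] not in HELLOS:
        raise ValueError("handshake message is not a hello")
    return HELLOS[record[5]], (record[9], record[10])


def audit(record: bytes) -> str:
    """Flag hellos that pin the connection to SSLv3 (version 3.0)."""
    name, version = parse_hello(record)
    label = NAMES.get(version, "unknown %d.%d" % version)
    if version == (3, 0):
        # ServerHello 3.0: SSLv3 was negotiated. ClientHello 3.0: SSLv3 is
        # the highest version the client side (here: the proxy) offers.
        return "FAIL: %s carries %s" % (name, label)
    # A ClientHello above 3.0 does not prove SSLv3 is refused on a retry;
    # the ServerHello of the final handshake is the authoritative value.
    return "ok: %s carries %s" % (name, label)


def sample_record(msg_type: int, version: tuple) -> bytes:
    """Constructed sample: hello cut down to version + 32-byte random."""
    body = bytes(version) + bytes(32)
    handshake = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return bytes([22]) + bytes(version) + len(handshake).to_bytes(2, "big") + handshake


if __name__ == "__main__":
    for msg_type, version in [(1, (3, 3)), (2, (3, 0))]:
        print(audit(sample_record(msg_type, version)))
```

Run it against the first bytes of each direction of a captured handshake, once with the inspection option enabled and once with it disabled, and compare the results.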





