Two-month wait for government POODLE patch

Leon Spencer

Updated December 13, 2014 at 11:44 AM

On October 14, the Google Security Team revealed a serious flaw in Secure Sockets Layer version 3.0 (SSLv3), advising the removal of SSLv3 fallback support.

However, as recently as December 11 -- almost two months after Google's announcement -- Australia's Department of Health was found to still be using the 18-year-old protocol on its Therapeutic Goods Administration eBusiness Services (eBS) website.

The affected page was updated to use the newer Transport Layer Security (TLS) protocol this week, after ZDNet made contact with the government department, alerting representatives of the vulnerability.

A spokesperson for the TGA told ZDNet in an email that it knew about the vulnerability and had been working since November -- a full month after Google's disclosure -- to apply a fix to its site.

"The TGA was aware of the 'Poodle' vulnerability, and has been working since mid November to address the issue," a TGA spokesperson said.

"A fix has been applied to the TGA eBS website production environment.

"The patch to address the vulnerability was tested in the TGA training environment."

At the time of writing, the TGA had not responded to ZDNet's query as to why it waited for almost a month from Google's initial announcement before working to address the issue.

Having already disabled SSLv3, Firefox 34 would not load the vulnerable site prior to its update. (Image: Screenshot by Leon Spencer/ZDNet)

The flaw, dubbed Padding Oracle On Downgraded Legacy Encryption (POODLE), allowed an attacker to conduct a man-in-the-middle attack in order to steal "secure" HTTP cookies or other bearer tokens such as HTTP Authorisation header contents.

While SSLv3 has long been made obsolete by TLS, the potential impact of POODLE was large, due to handshaking procedures that occur when setting up a secure connection between HTTP servers and clients to establish a common protocol to communicate.

In October, Google outlined steps to take in order to protect against the vulnerability:

"Disabling SSL 3.0 support or CBC-mode ciphers with SSL 3.0 is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore, our recommended response is to support TLS_FALLBACK_SCSV."

The search giant also included a fix in its Chrome 39 release aimed at preventing the SSLv3 fallback, and the Chrome 40 release will see the removal of SSLv3 support entirely. Firefox removed SSLv3 support from its browser with the release of Firefox 34 on November 25.

Yahoo Sports
Former MLB infielder, Little League World Series star Sean Burroughs dies at 43
The seven-year major leaguer collapsed while coaching his son's Little League game on Thursday.
Yahoo Sports
Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race
The value of the Dolphins and Formula One racing is enormous.
Yahoo Sports
The best RBs for 2024 fantasy football, according to our experts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Yahoo Sports
Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’
The 2024 Yankees have rediscovered their bravado and hold the second-best record in the AL, thanks in large part to the superstar outfielder.
Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Autoblog
Which pickup trucks get the best fuel economy? Here are the tops for gas mileage (or diesel)
Trucks aren't known for being fuel efficient, though times are changing. These are the trucks with the best gas mileage in various segments.
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Yahoo Sports
Golf’s moment of truth is here, and the sport is badly flailing
Nonexistent negotiations and missed opportunities for reconciliation between the PGA Tour and LIV Golf have the sport stuck in place.
Yahoo Sports
2024 Fantasy Football Mock Draft, 1.0
The Yahoo Fantasy football crew got together for their very first mock draft of 2024. Andy Behrens recaps the results.
Yahoo Finance
Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'
Ryan says he would be writing in a Republican candidate instead of voting for Donald Trump.
Yahoo Sports
Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1
It’s key to note that we’re not saying the “best team” or “best roster.” Instead, we’re talking about the best confluence of factors that can outline a path for survival and then success.
Yahoo Sports
Yahoo Fantasy staff's Mock Draft 1.0: Shocking picks are plentiful
Teams have made their big splashes in free agency and made their draft picks, it's time for you to do the same. It's fantasy football mock draft time. Some call this time of year best ball season, others know it's an opportunity to get a leg up on your competition for when you have to draft in August. The staff at Yahoo Fantasy did their first mock draft of the 2024 season to help you with the latter. Matt Harmon and Andy Behrens are here to break it all down by each round and crush some staff members in the process.
Yahoo Sports
Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from
With free agency and the draft behind us, what 32 teams look like today will likely be what they look like Week 1 and beyond for the 2024 season. Matt Harmon and Scott Pianowski reveal the post-draft fantasy power rankings. The duo break down the rankings in six tiers: Elite offensive ecosystems, teams on the cusp of being complete mixed bag ecosystems, offensive ecosystems with something to prove, offenses that could go either way, and offenses that are best to stay away from in fantasy.
Yahoo Finance
Mortgage rates drop for the first time in five weeks with experts adjusting their forecasts
The average 30-year fixed mortgage rate edged back toward 7% this week but remains elevated, prompting housing experts to revise their forecasts for the rest of 2024.
Yahoo Sports
Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing
The Cardinals' nightmare season continues.
Yahoo Finance
Recession-proof stocks are leading the market's latest leg higher
The Utilities and Consumer Staples sectors have popped since mid-April as investors search for value.
Yahoo Sports
The Cheap Seats: Fantasy baseball mailbag (with one key fantasy football question)
Fantasy baseball analyst Scott Pianowski answers your pressing questions in his latest mailbag as we head toward the end of Week 6.
Yahoo Sports
Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap
Jake Mintz & Jordan Shusterman discuss the Padres-Marlins trade that sent Luis Arraez to San Diego, as well as recap all the action from this weekend in baseball and send birthday wishes to hall-of-famer Willie Mays.
Engadget
The best budgeting apps for 2024
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Two-month wait for government POODLE patch

Recommended Stories

Former MLB infielder, Little League World Series star Sean Burroughs dies at 43

Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race

The best RBs for 2024 fantasy football, according to our experts

Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’

The FDIC change that leaves wealthy bank depositors with less protection

Which pickup trucks get the best fuel economy? Here are the tops for gas mileage (or diesel)

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

Former NBA guard Darius Morris dies at 33

Golf’s moment of truth is here, and the sport is badly flailing

2024 Fantasy Football Mock Draft, 1.0

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1

Yahoo Fantasy staff's Mock Draft 1.0: Shocking picks are plentiful

Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from

Mortgage rates drop for the first time in five weeks with experts adjusting their forecasts

Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing

Recession-proof stocks are leading the market's latest leg higher

The Cheap Seats: Fantasy baseball mailbag (with one key fantasy football question)

Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap

The best budgeting apps for 2024