SSL 3.0 flaw puts online transactions at risk


More than 68 per cent of the online transactions in Viet Nam are vulnerable because of a newly detected security hole in the Secure Socket Layer (SSL) protocol version 3.0.

More than 68 per cent of the online transactions are vulnerable because of a security hole in the SSL 3.0. Hacker can take advantage of the hole to take over e-banking accounts, stock accounts and e-commerce accounts of users. — Photo courtesy of Bkav
HA NOI (Biz Hub) — More than 68 per cent of the online transactions in Viet Nam are vulnerable because of a newly detected security hole in the Secure Socket Layer (SSL) protocol version 3.0.

Vietnamese network security firm Bkav announced this on October 21, after three Google security engineers published details of the vulnerability issue in the SSL 3.0 design last week.

The hole, known as POODLE (Padding Oracle On Downgraded Legacy Encryption), is widely used for encrypting and protecting data exchanged between websites providing e-banking, stock and e-commerce services and users. Although most websites use the new protocol Transport Layer Security (TLS) 1.2, they are at risk of being attacked due to TLS's backward compatibility with SSL 3.0.

Hackers can take advantage of the hole to take over e-banking accounts, stock accounts and e-commerce accounts of users.

Ngo Tuan Anh, deputy director of Bkav's cyber security, said, "Bkav has co-operated with the State Bank of Vietnam to alert e-banking service providers that are using SSL 3.0. Website owners need to neutralise the protocol to prevent attacks."

The security firm said that administrators can test the system and neutralise SSL 3.0 at www.tools.whitehat.vn, as well as update the web browsers. — VNS

  • Share: