Two-thirds of online transaction services in Vietnam vulnerable to Poodle bug: Bkav

Source: Pano feed

Two-thirds of websites that provide online transaction services in Vietnam are vulnerable to Poodle, a new security bug in widely-used web encryption technology recently discovered by Google, a local Internet security firm reported Tuesday.


Users of these websites, which are mostly e-banking, e-commerce and online stock trading platforms, risk losing their accounts for email, banking, social networks and other services to hackers who exploit the flaw in the encryption standard SSL 3.0, according to Bkav Security.


The flaw was dubbed the Poodle attack, which stands for Padding Oracle On Downgraded Legacy Encryption, by Google researchers on October 14, according to Reuters.


The 18-year-old SSL 3.0 is widely used to encrypt and secure data exchanged between online transaction websites and their users, Bkav Security, the Internet security unit of Hanoi-based tech firm Bkav, said on its website.


A Poodle attack allows hackers to steal money from victims’ bank accounts, or use the stolen money to buy goods or stocks, Bkav Security said.


“Shortly after Google announced its discovery of the Poodle hack, Bkav checked local websites and found that 68 percent of them are using SSL 3.0 standards, which are vulnerable to the security flaw,” the company said.


The remaining websites have switched to a new standard, known as TLS (Transport Layer Security) 1.2, according to Bkav Security.


“As it is crucial to ensure security for e-banking transactions, Bkav has collaborated with the State Bank of Vietnam to inform banks using SSL 3.0 for their services of the threat,” Ngo Tuan Anh, deputy chairman of Internet security with Bkav, said in a statement.


“These websites only need to disable the SSL 3.0 protocol to prevent an attack.”


Anh said most of the banks have already eliminated the threat, allowing users to safely transact online.


“To those that have yet to fix the issue, Bkav recommends that they review their system and disable the SSL 3.0 standard,” Anh said, adding that users can also protect themselves by upgrading their web browsers to the latest versions.


Poodle is the third vulnerability in widely-used web technology researchers have uncovered this year, following April’s “Heartbleed” bug in OpenSSL and last month’s “Shellshock” bug in a piece of Unix software known as Bash, according to Reuters.


But experts said the threat was not as serious as the two prior bugs.


“If Shellshock and Heartbleed were Threat Level 10, then Poodle is more like a 5 or a 6,” Tal Klein, vice president of cloud security firm Adallom, was quoted by Reuters as saying.

