In case you were missing the headaches brought on by the heartbleed bug, you can rest assured knowing a new flaw has been discovered in online security. Poodle (Padding Oracle On Downgraded Legacy Encryption) is a security hole in SSL 3.0 that allows private information to be exposed to a hacker with network access. SSL 3.0 is used by both servers and browsers, meaning a patch on one end doesn’t alone fix the issue.
The good news is that SSL 3.0 is not used all that much these days. The main reason there’s still an issue is that an attacker can trick your browser into downgrading to SSL 3.0 by causing problems with whatever more current protocol is in place.
I always was more of a cat person, anyway.
October 29, 2014 in Articles, Security and tagged Hackers, SSL. Bookmark the permalink.