Poodle, the latest bug dogging web security
October 29, 2014
In case you were missing the headaches brought on by the heartbleed bug, you can rest assured knowing a new flaw has been discovered in online security. Poodle (Padding Oracle On Downgraded Legacy Encryption) is a security hole in SSL 3.0 that allows private information to be exposed to a hacker with network access. SSL 3.0 is used by both servers and browsers, meaning a patch on one end doesn’t alone fix the issue.
The good news is that SSL 3.0 is not used all that much these days. The main reason there’s still an issue is that an attacker can trick your browser into downgrading to SSL 3.0 by causing problems with whatever more current protocol is in place.
- More details: http://www.cnet.com/news/google-exposes-poodle-flaw-in-web-encryption
- Even more good info: http://www.makeuseof.com/tag/stop-poodle-from-biting-your-browser
- Test a website/server: https://www.tinfoilsecurity.com/poodle
- Test your browser: https://www.poodletest.com
I always was more of a cat person, anyway.Share, email, or print this post...
Permanent link: https://mywebmaestro.com/poodle-latest-bug-dogging-web-security/
Posted in Articles, Security - tagged: Hackers, SSL