Poodle, the latest bug dogging web security

In case you were missing the headaches brought on by the heartbleed bug, you can rest assured knowing a new flaw has been discovered in online security. Poodle (Padding Oracle On Downgraded Legacy Encryption) is a security hole in SSL 3.0 that allows private information to be exposed to a hacker with network access. SSL 3.0 is used by both servers and browsers, meaning a patch on one end doesn’t alone fix the issue.

The good news is that SSL 3.0 is not used all that much these days. The main reason there’s still an issue is that an attacker can trick your browser into downgrading to SSL 3.0 by causing problems with whatever more current protocol is in place.

I always was more of a cat person, anyway.

Share, email, or print this post...


Posted on by Nathan Lyle in Articles, Security and tagged , . Bookmark the permalink.

About Nathan Lyle

Nathan is a father of four, an amateur musician, and an aspiring photographer. He started programming in 4th grade on an Apple II+ and many years later spent much of his college years freelancing website design for college departments. Nathan is a veteran of the Browser Wars, and will gladly talk at length about the changes he has seen in Web technology if you accidentally ask him.

Leave a comment

Your email address will not be published. Required fields are marked *