My Web Maestro

Poodle, the latest bug dogging web security

Posted on by Nathan Lyle

In case you were missing the headaches brought on by the heartbleed bug, you can rest assured knowing a new flaw has been discovered in online security. Poodle (Padding Oracle On Downgraded Legacy Encryption) is a security hole in SSL 3.0 that allows private information to be exposed to a hacker with network access. SSL 3.0 is used by both servers and browsers, meaning a patch on one end doesn’t alone fix the issue.

The good news is that SSL 3.0 is not used all that much these days. The main reason there’s still an issue is that an attacker can trick your browser into downgrading to SSL 3.0 by causing problems with whatever more current protocol is in place.

I always was more of a cat person, anyway.

Share, email, or print this post...

About Nathan Lyle

Nathan is a father of four, an amateur musician, and an aspiring photographer. He started programming in 4th grade on an Apple II+ and many years later spent much of his college years freelancing website design for college departments. Nathan is a veteran of the Browser Wars, and will gladly talk at length about the changes he has seen in Web technology if you accidentally ask him.

Visit Nathan's Website or View all posts by Nathan Lyle

Permanent link:
Posted in Articles, Security - tagged: ,

Leave a comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.