POODLE…

POODLE does not stand for the dog but is an acronym for Padding Oracle On Downgraded Legacy Encryption. This is a vulnerability in web-encryption technology that could allow hackers to take over email, online banking and other online accounts.

This threat is less severe than Heartbleed, which sent the security industry into a real spin earlier this year (see our blog post). It was uncovered by Google researchers, and details were published in a security advisory compiled by Bodo Möller, Thai Duong and Krzysztof Kotowicz.

The bug is in an old encryption standard, SSL 3.0 (Secure Sockets Layer), which has generally been superseded by TLS (Transport Layer Security). The concern of security experts is that hackers could force an Internet connection to downgrade to SSL 3.0, which makes it possible to steal cookies. Having stolen the cookies, the hacker can impersonate the victim and log in to sites to, for example, make online purchases, read emails or lift files from cloud storage services.
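A downgrade of this kind is visible on the wire, because the server's ServerHello message states the protocol version it selected. The following Python code is an added example, not part of the original post: it reads that field from a captured handshake record and flags SSL 3.0. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Wire encoding of protocol versions (major, minor) in the ServerHello.
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def server_hello_version(record: bytes) -> str:
    """Return the version a server selected, read from one handshake record.

    Layout: 5-byte record header (type, version, length), then the handshake
    header (1-byte type, 3-byte length), then the 2-byte server version.
    TLS 1.3 servers also report 3.3 here and carry the real version in an
    extension, which this example does not parse.
    """
    if len(record) < 11:
        raise ValueError("too short to hold a ServerHello version")
    content_type, _major, _minor, rec_len = struct.unpack("!BBBH", record[:5])
    if content_type != 22:            # 22 = handshake
        raise ValueError("not a handshake record")
    if rec_len > len(record) - 5:
        raise ValueError("truncated record")
    if record[5] != 2:                # 2 = ServerHello
        raise ValueError("not a ServerHello")
    major, minor = record[9], record[10]
    return VERSIONS.get((major, minor), f"unknown ({major}.{minor})")

def downgraded_to_ssl3(record: bytes) -> bool:
    """True when the server agreed to SSL 3.0, the version POODLE targets."""
    return server_hello_version(record) == "SSL 3.0"

def sample_server_hello(major: int, minor: int) -> bytes:
    """Build a constructed ServerHello record (sample data, not a capture)."""
    version = bytes([major, minor])
    body = version + bytes(32)        # server random, zeroed for the sample
    body += b"\x00"                   # empty session id
    body += b"\x00\x2f"               # cipher suite value, constructed
    body += b"\x00"                   # null compression
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + version + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    for ver in [(3, 3), (3, 0)]:
        rec = sample_server_hello(*ver)
        flag = "ALERT: SSL 3.0 negotiated" if downgraded_to_ssl3(rec) else "ok"
        print(server_hello_version(rec), "->", flag)
```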

The three main browsers, Chrome, Firefox and Internet Explorer, are informing their customers that they will be dealing with the threat by dropping support for SSL in their next version, estimated to be mid-November. Apple do not comment on security threats but it is assumed that they too will drop support for SSL 3.0.

Our advice is to keep an eye out for the latest browser versions and upgrade when they ship.

 
