Google’s security team today detailed a new bug that takes advantage of a design flaw in SSL version 3.0, a security protocol created by Netscape in the mid-1990s. The researchers called it a Padding Oracle on Downgraded Legacy Encryption bug, or POODLE.
Although the protocol is old, Google said that “nearly all browsers support it” and it’s available for hackers to exploit. Even though many modern-day websites use the TLS security protocol (essentially, the next-generation SSL) as their means of encrypting data for a secure network connection between a browser and a website, things can run amok if the connection goes down for some reason.
In this case, the browser tries to reestablish a link with the website through older versions of the security protocol, like SSL 3.0, which makes the connection vulnerable to attack.
CloudFlare also posted details on POODLE and described how hackers take advantage…