Warning: There’s a rabid POODLE running loose in SSL

  • October 16, 2014
  • 2 min read

This Wednesday, researchers at Google published a paper stating that there is a new Internet-wide security vulnerability affecting version 3 of the Secure Sockets Layer protocol. This is a protocol used to encrypt traffic between your browser and a web server or your email client and an email server. Attackers who leverage this vulnerability could use it to intercept and decrypt session cookies, which would enable them to log into your online accounts without a password.

POODLE, which stands for Padding Oracle on Downgraded Legacy Encryption, is primarily a concern for users who connect to the Internet through public networks. Attackers must be on the same network as you to leverage the vulnerability, and furthermore you must be using SSLv3 to communicate with a server. The good news is that unless you are using technology from about 13 years ago (namely, Internet Explorer 6 on Windows XP), your machine is most likely using the more modern and invulnerable TLS protocol to perform encryption. Researchers have indicated, however, that some computers will automatically downgrade to SSLv3 in instances where TLS communication fails. It is this last possibility that will give attackers the greatest opportunity to perform POODLE exploitation.

Besides acting as yet another nail in the XP coffin, POODLE may spell trouble for users who connect to the Internet through networks outside of their home. If that’s you, and you’re looking for more information on why vulnerabilities like POODLE can be a problem in public networks, check out our recent Security Knowledge article on firewalls, and consider adding a software-based firewall like Emsisoft Internet Security to your armory.

To find out if your browser is vulnerable to POODLE, you can now also navigate to PoodleTest.com.

Have a great (POODLE-free) day!

System administrators looking for technical threat mitigation measures, see a statement from Google on POODLE here.

Download now: Emsisoft Anti-Malware free trial.

Antivirus software from the world’s leading ransomware experts. Get your free trial today. Try It Now

 

Steve

Steve

Freelance writer and security enthusiast based in the USA.

What to read next

Reader Comments