Monthly Archives: October 2014

Home »  2014 »  October

steveimagineermedia-net
Comments Off on A New SSL Exploit — POODLE

Yesterday, Google published a post that exposes a flaw in Web encryption standards. It’s similar to the Heartbleed bug exploited earlier this year but not nearly as serious. It’s called POODLE (Padding Oracle On Downgraded Legacy Encryption), which exploits yet another vulnerability in one of the Internet’s basic security protocols (SSL more commonly known as https in your browser) that could potentially give an attacker access to your sensitive online account information. Who it affects Any secure connection (https) you make via your web browser is at risk. That means visiting banks, PayPal, online shopping sites, etc are all vulnerable. What’s at risk The attacker could potentially decrypt and read any of your sensitive data (passwords, etc) for any secure website you’re connected to via https. Are servers and clients both affected? Yes, however the vulnerability exists only if both the server and client accept SSL v3.0 (which is the […]