According to Google researchers, a new online security bug has been detected named POODLE. POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption, attacks a specific vulnerability in SSL 3.0. This bug, which also goes by ‘Poodlebleed’ is extremely similar to the Heartbleed bug which was brought to light earlier this year. The POODLE exploit allows hackers to intercept and replace data being sent or received during a “secure” HTTPS session. While SSL 3.0 has mainly been replaced by its successors such as TLS 1.0, many TLS implementations remain backwards-compatible with SSL 3.0 to interoperate with legacy systems in order to create a smooth user experience. Google has put out a report outlining their findings and gives sysadmins a head start in detecting and containing the POODLE bug.
For more information on how to control the POODLE bug, download Google’s PDF about their findings or give our Information Security practice a call at 978-538-9055!
Related articles
Change Healthcare Attack: Ransomware Protection Measures for Healthcare Organizations
In light of the Change Healthcare attack, we explore why hackers target healthcare and how healthcare can defend against ransomware.
GraVoc Recognized on CRN MSP 500 List for Second Year in a Row
For the second year in a row, GraVoc has been recognized on the CRN® MSP 500 list in the Pioneer 250 category!
PCI SAQ Types: Which SAQ is Right for Your Business?
In this blog post, we provide an overview of the SAQ types for PCI DSS v4.0 and how to select a PCI SAQ that’s right for your business.