According to Google researchers, a new online security bug has been detected named POODLE. POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption, attacks a specific vulnerability in SSL 3.0. This bug, which also goes by ‘Poodlebleed’ is extremely similar to the Heartbleed bug which was brought to light earlier this year. The POODLE exploit allows hackers to intercept and replace data being sent or received during a “secure” HTTPS session. While SSL 3.0 has mainly been replaced by its successors such as TLS 1.0, many TLS implementations remain backwards-compatible with SSL 3.0 to interoperate with legacy systems in order to create a smooth user experience. Google has put out a report outlining their findings and gives sysadmins a head start in detecting and containing the POODLE bug.
For more information on how to control the POODLE bug, download Google’s PDF about their findings or give our Information Security practice a call at 978-538-9055!
Related articles
Business Email Compromise: Top BEC Tactics & How to Protect Against Them
We take a look at Business Email Compromise, including common BEC tactics and what your business can do to protect against them.
FFIEC CAT Sunset: Why the CRI Profile is a Strong Alternative
With the FFIEC CAT sunset approaching, we explore why the CRI Profile is a strong alternative to the CAT for financial institutions!
FTC Safeguards Rule Compliance for Auto Dealerships
We’ll go over the FTC Safeguards Rule, what it requires, and how a managed service provider can help auto dealerships stay compliant.