According to Google researchers, a new online security bug has been detected named POODLE. POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption, attacks a specific vulnerability in SSL 3.0. This bug, which also goes by ‘Poodlebleed’ is extremely similar to the Heartbleed bug which was brought to light earlier this year. The POODLE exploit allows hackers to intercept and replace data being sent or received during a “secure” HTTPS session. While SSL 3.0 has mainly been replaced by its successors such as TLS 1.0, many TLS implementations remain backwards-compatible with SSL 3.0 to interoperate with legacy systems in order to create a smooth user experience. Google has put out a report outlining their findings and gives sysadmins a head start in detecting and containing the POODLE bug.

For more information on how to control the POODLE bug, download Google’s PDF about their findings or give our Information Security practice a call at 978-538-9055!

Related articles

 

Need-to-Know Privilege Explained

Need-to-Know Privilege Explained

In this blog post and video, we explore need-to-know privilege in cybersecurity and why it’s important for organizations to assign user permissions on a need-to-know basis.

read more

Pin It on Pinterest

Share This