According to Google researchers, a new online security bug has been detected named POODLE. POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption, attacks a specific vulnerability in SSL 3.0. This bug, which also goes by ‘Poodlebleed’ is extremely similar to the Heartbleed bug which was brought to light earlier this year. The POODLE exploit allows hackers to intercept and replace data being sent or received during a “secure” HTTPS session. While SSL 3.0 has mainly been replaced by its successors such as TLS 1.0, many TLS implementations remain backwards-compatible with SSL 3.0 to interoperate with legacy systems in order to create a smooth user experience. Google has put out a report outlining their findings and gives sysadmins a head start in detecting and containing the POODLE bug.
For more information on how to control the POODLE bug, download Google’s PDF about their findings or give our Information Security practice a call at 978-538-9055!
Related articles
The NSA Cybersecurity Guide for Remote Workers
In this blog post, we cover a few key recommendations for remote workers from the NSA guide, ‘Best Practices for Securing Your Home Network.’
GraVoc Recognized on CRN’s 2023 MSP 500 List
CRN®, a brand of The Channel Company, has named GraVoc to its Managed Service Provider (MSP) 500 list in the Pioneer 250 category for 2023!
The Cybersecurity Implications of ChatGPT
Is ChatGPT a security risk? In this blog post, we explore the cybersecurity implications of ChatGPT, including the benefits and challenges.