• Home  / 
  • Blog  / 
  • News
  •  /  Google discovers another web threat but not as bad as Heartbleed & Shellshock

Google discovers another web threat but not as bad as Heartbleed & Shellshock

Oct 15, 2014

Illustration file picture shows a man typing on a computer keyboard in Warsaw

Three researchers from Google have discovered a security bug in widely used web encryption technology. The bug that according to them could allow hackers to take over accounts for email, banking and other services in an attack called ‘Poodle’ as dubbed by them.

Poodle that stands for Padding Oracle On Downloaded Legacy Encryption, is the third this year following April’s ‘Heartbleed’ bug in OpenSSL and last month’s ‘Shellshock’ bug in a piece of Unix software known as Bash. This time when researchers have again uncovered vulnerability in widely used web technology, they have prompted makers of web browsers and server software to advice users to disable use of the source of the security bug: an 18-year old encryption standard known as SSL 3.0.

By stealing browser cookies through ‘Poodle’ attacks, hackers could potentially take control of email, banking and social networking accounts. Still, experts say the threat is not as serious as the prior two.

[useful_banner_manager banners=28 count=1]

 

“If Shellshock and Heartbleed were Threat Level 10, then Poodle is more like a 5 or a 6,” said Tal Klein, vice president with cloud security firm Adallom.

The threat was unveiled in a research paper published on the website of the OpenSSL Project, which develops the most widely used type of SSL encryption software.

ADVANCED
DIGITAL MARKETING TRAINING PROGRAM
For working professionals & entrepreneurs
Learn how to market a business online just like experts & agencies do it.
Learn from real practitioners not just trainers.
[useful_banner_manager banners=26 count=1]

Important Links

Share Button
Advanced
Digital Marketing Training Program
for professionals & job seekers
Learn how to market a business online just like experts & agencies do it.
Learn from real practitioners not just trainers.

Watch DSIM Trainees Celebrating Last Day of Batch

Watch Demo