Three researchers from Google have discovered a security bug in widely used web encryption technology. The bug that according to them could allow hackers to take over accounts for email, banking and other services in an attack called ‘Poodle’ as dubbed by them.
Poodle that stands for Padding Oracle On Downloaded Legacy Encryption, is the third this year following April’s ‘Heartbleed’ bug in OpenSSL and last month’s ‘Shellshock’ bug in a piece of Unix software known as Bash. This time when researchers have again uncovered vulnerability in widely used web technology, they have prompted makers of web browsers and server software to advice users to disable use of the source of the security bug: an 18-year old encryption standard known as SSL 3.0.
By stealing browser cookies through ‘Poodle’ attacks, hackers could potentially take control of email, banking and social networking accounts. Still, experts say the threat is not as serious as the prior two.[useful_banner_manager banners=28 count=1]
“If Shellshock and Heartbleed were Threat Level 10, then Poodle is more like a 5 or a 6,” said Tal Klein, vice president with cloud security firm Adallom.
The threat was unveiled in a research paper published on the website of the OpenSSL Project, which develops the most widely used type of SSL encryption software.
Learn from real practitioners not just trainers.