• Home
  • News
  • 'Poodle' Security Vulnerability Found in SSL 3.0

'Poodle' Security Vulnerability Found in SSL 3.0

Recently, a few Google security engineers discovered a major threat in the SSL 3.0 protocol. The vulnerability, which was named 'Poodle' (Padding Oracle On Downgraded Legacy Encryption), allows the encrypted information to be accessed by any hacker that can connect to the respective network.

Short for Secure Socket Layer, SSL is a protocol that manages the security of the data transmitted over the Internet. While SSL 3.0 is very old (it was developed approximately 15 years ago) and its implementation rates are rather low, a few websites are still using it. In most cases, modems use the secure socket layer only when everything else fails. The problem is that hackers can trick the encrypted data sent via the much more common TSL (Transport Security Layer) to be diverted through the previously mentioned SSL and thus gain easy access to it.

What's really bothering is that the vulnerability can't really be fixed through a patch or an upgrade, so the only way to obtain actually secure data encryption is to drop SSL 3.0 altogether. As an end-user there is nothing you can do about this issue except disabling the protocol from your browser's settings or avoiding public Wi-Fi connections, but a lot of Internet companies will probably start scrambling and releasing patches to put SSL 3.0 out of action.

Poodle was discovered about a month ago, but according to the regular channels, the information first went to software and hardware vendors before being released to the general public.

Comments