Google uncovers Poodle flaw in Web encryption standard

By Silky Malhotra | Published on 15 Oct 2014

Poodle security bug in web encryption SSL 3.0 allows hackers to steal data from email accounts, bank accounts and social networking sites.

Google security engineers have uncovered a major vulnerability, dubbed Poodle, in the Web encryption standard SSL 3.0. The bug makes browsers susceptible to hacking, but researchers state that it is not as harmful as the Heartbleed or Shellshock bugs.

Google security engineers Bodo Möller, Krzysztof Kotowicz and Thai Duong stated in a report that POODLE is a new security hole in Secure Sockets Layer (SSL) 3.0 that makes the 15-year-old protocol impossible to use safely, and that upgrading it will be difficult. “Poodle” stands for Padding Oracle On Downgraded Legacy Encryption.

Security experts stated that the bug could allow hackers to steal browser “cookies,” but was not very serious. Ivan Ristic, director of application security research with Qualys and an expert in SSL, stated, “It’s quite complicated. It requires the attacker to have a privileged position in the network.”

Jeff Moss, founder of the Def Con hacking conference and an advisor to the U.S. Department of Homeland Security, stated that hackers could exploit the bug to steal session cookies in browsers and take control of accounts for email providers, social networks and banks that use that technology. However, they would need to launch a “man-in-the-middle” attack. A common approach used by hackers is to create a rogue WiFi “hot spot” in an Internet cafe, he added.

Moss advised businesses and computer users to stop using SSL 3.0 technology on their servers and browsers. “It’s not going to take out the infrastructure of the Internet. But it’s going to be a hassle to fix,” he said.

Rumors of a new bug in OpenSSL software had been circulating on Twitter and technology news sites in recent days. Earlier this year, researchers discovered the “Heartbleed” bug in OpenSSL, which affected nearly two-thirds of all websites and thousands of other technology products. Last month, a new bug dubbed “Shellshock” was uncovered in a piece of Unix software known as Bash.

Source: Google
