Heartbleed, Shellshock, And Now… Poodle
A new bug was found by a group of 3 Google researchers that could allow hackers to take control of many services, including those in the category of email and banking. The bug is dubbed a ?Poodle? attack, which stands for, ?Padding Oracle On Downloaded Legacy Encryption.? Web browsers have encouraged their users to disable the bug’s source, the 18 year old SSL 3.0
The good news is that Poodle isn?t as bad as its predecessors, Heartbleed, and Shellshock. Tal Klein, vice president of the security firm Adallom made the claims that Poodle has a threat level at about a ?five or six,? whereas Shellshock and Heartbleed were at threat level ten.? The bug allows for hackers to access session cookie data, and passwords. In short, a hacker would be able to do this because the bug allows him to trick browsers into giving him sensitive information.
For those looking to disable SSL 3.0, click here for a detailed description provided by Security Consultant Scott Helme.