Subscribe to Breaking News emails

You have successfully subscribed to the Breaking News email.

Subscribe today to be the first to to know about breaking news and special reports.

New 'POODLE' Bug Takes Bite Out of SSL 3.0 Web Encryption Protocol

 / Updated 
Image: Illustration photo of a magnifying glass being held in front of a computer screen
Illustration photo of a magnifying glass being held in front of a computer screen Reuters

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.

Google on Tuesday revealed yet another Internet-wide security vulnerability with a cute name but potentially disastrous effects. POODLE (Padding Oracle On Downgraded Legacy Encryption) allows attackers to break the security of SSL 3.0, a protocol for secure Web communications that is 14 years old but still used as a last-ditch connection method with legacy devices or when others don't seem to work. SSL 3.0, also known as SSLv3, is only used when more modern protocols fail, and even then, of its two modes of encrypting data, one has long been known to be insecure. And now, as Google's researchers show, so is the other. Since an attacker can trick newer Web encryption methods into failing, causing connections to fall back to this old, and now completely ineffective protocol, the researchers conclude that "to achieve secure encryption, SSL 3.0 must be avoided entirely."

Like with Heartbleed and Shellshock, there's nothing end users can do about it, but companies worldwide will be scrambling to issue patches to their servers and embedded devices disallowing use of SSl 3.0. Google discovered the vulnerability a month ago in September, and, as is commonly done with such widespread issues, alerted software and hardware vendors some time before this public disclosure.

IN-DEPTH

SOCIAL

— Devin Coldewey

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.
MORE FROM news