Google uncovers Poodle bug in web encryption

The Poodle bug uncovered by Google is capable of giving endless control to cyber criminals.

A trio of security engineers at Google have discovered a major bug in the web encryption standard SSL 3.0. The vulnerability in the SSL 3.0 can be misused by cyber criminals, that may be able to access private and secure information like bank account details, emails and social networking accounts. The SSL 3.0 is an older, but still supported web encryption standard that is used by both web browsers and websites.

A Google search page is seen through a magnifying glass in this photo illustration taken in Brussels

The ‘POODLE’ bug makes the safety protocol almost impossible to use safely. ‘POODLE’ stands for Padding Oracle On Downgraded Legacy Encryption and has affected the safety standard SSL 3.0 that has been in use for the last 15 years. Although it is now replaced by TLS, sometimes when TLS does not work, the server depends on SSL 3.0 to act as a backup.

This is where the vulnerability comes in. Cyber thieves can exploit this function and force victims to downgrade to SSL 3.0, in order to obtain whatever personal information they were looking for.

One of the engineers at Google, Möller suggested that administrators add support for TLS_FALLBACK_SCSV, which can block attacks from hackers trying to downgrade the security protocol.

Another vulnerability, Firesheep, is a browser add-on that can catch hold of unencrypted data that is transferred over the internet. The POODLE bug is more dangerous than Firesheep because the flaw lies within the encryption itself.

Photo Credits

To Top