POODLE Vulnerability: This Pooch is a Pain
Tuesday the Google Security Team announced the discovery of a bug in web-encryption technology that could allow hackers to view confidential information like passwords and other encrypted information sent over web connections.
What is it?
A new critical security vulnerability that impacts the Secure Sockets Layer (SSL) version 3.0 protocol that provides encryption for secure internet browsing.
What does it do?
The POODLE security vulnerability allows network attackers to see information like the passwords sent over web connections as plain text, exposing confidential information.
How exposed are internet users?
While SSL has been supplanted by TLS (Transport Layer Security), many TLS implementations are still compatible with SSLv3 in order to work with systems using the older protocol to create a seamless web browsing experience for the end user. This creates a security risk leaving users vulnerable to data theft.
When is there going to be a fix & how long will it take?
Google, Google Chrome and Mozilla are planning on removing all support for SSLv3 in their browsers over coming months while Mozilla Firefox will discontinue support for SSLv3 on November 25. Users should update their internet browsers in the meantime. For further information, along with recommendations actions forDevelopers andSystem Administrators, visit Websense Security Labs.
Websense customers can find the latest KBA here.