The POODLE bug, technically known as CVE-2014-3566, is the latest ‘discovery’ by the security experts in the world of computers and internet. In fact, the credit for discovering the bug goes to three Google engineers. The threesome found out the vulnerability in the SSL v3.
After Heartbleed, the POODLE bug is the next big thing to be discovered. It needs to be known at what intensity the POODLE may strike you. For that you should be acquainted with SSL. So, let us first run through SSL.
More about POODLE Bug
POODLE stands for Padding Oracle On Downgraded Legacy Encryption. The POODLE bug is an error in the security in SSL 3.0. If conditions develop in favor of the POODLE, it can break open in the security system. This simply means, with the help cookies, an attacker can get hold of your session cookies.
No one wants to neither hear this nor face it and it needs little mention what the hacker can do if the session cookies go in his hands. If you are accessing you bank accounts through your PC, it is possible that this information can be in the hands of the attacker. Your email accounts, social networking accounts, blah blah blah, everything suddenly comes.
Secure Sockets Layer (SSL)
SSL is also popularly known as Secure Sockets Layer. For those who do not know, SSL is a service for encrypting your internet communication. It is vital in the security point of view so your data remains safe and doesn’t reach unwanted hands.
The most sensitive data happens to be your debit and credit card details that you use for online shopping. Moreover, internet banking and accessing a bank’s website from your personal computer has become a household activity today. This is where SSL comes in the picture and safeguards your communication to and fro.
So, Does The POODLE Bug Affect The SSL Too?
That’s a valid question. Actually, SSL is nearing its completion of two decades in the industry – 18 years to be specific. The current version is the SSL 3.0 being used these days. But, it must be mentioned that there are even better encryption expertise available.
We are speaking about TLS (Transport Layer Security). Even if TLS is better than SSL 3.0, the reach and use of the former encryption service is spread far and wide. It is estimated that more than 90% of browsers still support SSL 3.0, however, the service is used in only about 1% of traffic.
How Dangerous Can the POODLE Bug for You Be?
Though a security glitch is a security glitch, there is nothing much to worry about. The attacker who wants to exercise POODLE for attacking has to be between the site you are visiting and you. The highest possibility of this to happen is when you are using an unsecured public Wi-Fi network.
So, What’s The Way Out?
If you are not sure of what action you need to take, the solution is simple enough. As mentioned above, you are vulnerable if the internet is accessed through unsecured Wi-Fi. So, make sure you aren’t using unsecured Wi-Fi network.
Secondly, make sure you have configured your browser for auto updates. So, your web browser will also remain up-to-date.
The POODLE bug is the hot topic these days. We will keep giving the latest information as and when available.