The bug affects a 15-year-old encryption standard known as SSL 3.0, but is less severe than Heartbleed or Shellshock.<\/p>\n
Another week, another Internet vulnerability uncovered: Google researchers have reported a Web encryption bug that allows hackers to infiltrate email, banking, and other online accounts. <\/p>\n
Dubbed Poodle (for \"Padding Oracle On Downgraded Legacy Encryption\"), the threat affects a 15-year-old encryption standard known as SSL 3.0. But it is reportedly less severe than Heartbleed or Shellshock. <\/p>\n
Existing in old software and nearly all browsers, the bug is not easy to apply: It requires a hacker to tap into the connection between you and your browser, referred to as a man-in-the-middle exploit. <\/p>\n
\"If Heartbleed\/Shellshock merited a 10, then this attack is only around a 5,\" said Errata Security's Robert Graham. <\/p>\n
So while you have little to worry about surfing the Web on a secure home connection, using the local coffee shop's unencrypted Wi-Fi makes it simpler for a nearby hacker to take complete control of your accounts. <\/p>\n
The good news is they won't be able to steal your password. <\/p>\n
Google researchers Bodo Mller, Thai Duong, and Krzysztof Kotowicz discovered the vulnerability, which unfortunately does not come with a quick fix. <\/p>\n
Your best bet is to avoid SSL 3.0 entirely, and add a second mechanism called TLS_FALLBACK_SCSV, which will help solve the immediate problem and prevent future attacks. <\/p>\n
Chrome and Firefox users can visit Googler Adam Langley's blog for more details on how to implement the patches. <\/p>\n
<\/p>\n