Three Google Inc researchers have discovered a bug in the web encryption technology that is widely used in current times. The researchers are of the view that the bug could aid the hackers in order to steal the data they want. It will be possible by dubbing the data with a “Poodle Attack”.
For the ones who do not know the elongated form of “POODLE”, it is Padding Oracle on Downloaded Legacy Encryption. SSL 3.0 is actually an encryption standard that has survived for the last 18 years and it is employed in an ample of websites and web browsers. The disclosure of bugs was done by a research paper published on Tuesday on the official website of the OpenSSL project. This group develops the most popular SSL encryption softwares.
Twitter was the reception for the publicity of bug found in OpenSSL software. After the news on the bug circulated around the newspaper and other media, the corporate security professionals have put up their sleeves to fight this bug.
The security experts are of the opinion that the bug was discovered and publicized on Tuesday which has actually prompted the hackers to take away “cookies”. However, it is not as serious as the previous situation where two bugs were found.
Ivan Ristic, the director of application security research with Qualys and an expert in SSL, stated “It’s quite complicated. It requires the attacker to have a privileged position in the network”.
The security experts are advising the business to deactivate the SSL 3.0 technology on their servers add browsers to avoid any Poodle Attack. However, for an average PC user, this could be a bit difficult.
[ Source ]