Google researchers warn of Poodle bug

Three cyber security engineers at Google have discovered flaws called ‘Padding Oracle On Downloaded Legacy Encryption’ (Poodle) in Secure Socket Layer (SSL) 3.0, a protocol that encrypts link between servers and clients.

The researchers claimed that the flaw in the 15-year-old SSL 3.0 will allow hackers to get access to the information that are supposed to be encrypted.

Though hackers have not misused the vulnerability the researchers are advising that web browsers and websites must be reconfigured to prevent using SSL 3.0.

According to security company Cloudflare, the vulnerability is likely to affect less than 1% of the websites around the globe.

Even a study conducted by University of Michigan showed that less than 0.3% of communications depends on SSL 3.0.

However, reports suggest that Poodle can downgrade the browsers to use SSL 3.0, if server or browsers face challenges while connecting with TLS.

The researchers have recommended the administrators to ensure support TLS_FALLBACK_SCSV, a TSL protocol that is capable of preventing hackers from dragging down the browser to use SSL 3.0.

Google said that its Chrome servers have been supporting TLS_FALLBACK_SCSV and the browser is safe to be used, however the search giant is planning to test changes that will help disable the downgrade to SSL 3.0.

Sign up for our regular news round-up!

Give your business an edge with our leading Tech Monitor

Sign up