Poodle attack – a reason not to use Internet Explorer 6

Google has alerted the public about the ‘Poodle’ attack. This does not mean Poodle dogs across the globe have gone on attack mode, this alert rather refers to a security problem detected on web encryptian technology. This is the third problem Google has detected within this year; the first being ‘Heartbleed’, then ‘Shellshock’, and now ‘Poodle’! Here is what you need to know about this problem and what solutions there are.

What is Poodle?

Before we go any further, let’s clear this up; ‘Poodle’ stands for “Padding Oracle On Downloaded Legacy Encryption”. This security bug was detected by Google researchers; it revealed that the Poodle attack makes SSL 3.0 very vulnerable to hackers.  Although the Poodle is not as extreme as the Heartbleed, it still gives hackers an opportunity to invade our privacy and steal confidential data, like passwords and cookies.

The solution

With problems come solutions…but this solution will affect Internet Explorer 6 users.  Although this is an older version of Explorer, it is still widely used. The solution is to disable the SSLv3. Although it sounds as simple as turning a light switch on and off, disabling SSLv3 can cause some parts of browsers and servers to not work. Internet providers are already busy creating patches so their browsers do not revert back to SSLv3 and can eliminate the threat SSLv3 has over users.

 

Our advice would be to continue to update your browsers and security checks to ensure you don’t fall victim.  Although the poodle attack is not as severe as the ‘Heartbleed’, you should still be cautious.

 

Sources:

http://www.pcworld.com/article/2834015/security-experts-warn-of-poodle-attack-against-ssl-30.html

http://www.financialexpress.com/news/google-raise-alert-over-poodle-attack/1298647

Leave a Reply