{"id":79286,"date":"2014-10-16T19:19:17","date_gmt":"2014-10-16T13:49:17","guid":{"rendered":"https:\/\/blogs.quickheal.com\/?p=79286"},"modified":"2014-10-16T19:19:17","modified_gmt":"2014-10-16T13:49:17","slug":"beware-of-the-poodle-bug","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/beware-of-the-poodle-bug\/","title":{"rendered":"Beware of the Poodle Bug!"},"content":{"rendered":"<p>There\u2019s a new security bug in town. Technically, it is called CVE\u00ad-2014\u00ad-3566, and elsewhere, as the Poodle Bug. Three Google engineers have discovered this security vulnerability in SSL version 3. Let\u2019s know how this vulnerability may affect you.<\/p>\n<p><center><a href=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2014\/10\/Poodle1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-79298\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2014\/10\/Poodle1.png\" alt=\"Poodle\" width=\"442\" height=\"309\" \/><\/a><\/center><br \/>\n<span style=\"font-size: 15px; color: #006bb2; font-weight: bold;\">What is SSL?<\/span><\/p>\n<p>SSL (Secure Sockets Layer) is an encryption service that keeps your Internet communications (such as your connection to your bank&#8217;s website, online shopping site, etc.) private and from getting into the wrong hands.<\/p>\n<p><span style=\"font-size: 15px; color: #006bb2; font-weight: bold;\">How POODLE bug affects SSL 3.0 <\/span><\/p>\n<p>SSL 3.0 is an 18-year old technology. Although stronger encryption technologies such as TLS (Transport Layer Security) are now in force, SSL 3.0 is still used in 1% of web traffic, and supported by 95% of web browsers.<\/p>\n<p>Coming to POODLE, it stands for \u2018<strong>Padding Oracle On Downgraded Legacy Encryption<\/strong>\u2019. It is a security flaw that exists in SSL version 3. Under the right conditions, the POODLE bug can allow an attacker to access your session cookies. With this information at hand, an attacker can take control of your online accounts including your email, banking and social networking account.<\/p>\n<p>Now all this may sound scary, but the POODLE bug is not as threatening as <a href=\"https:\/\/blogs.quickheal.com\/3-important-things-you-should-know-about-heartbleed\/\" target=\"_blank\">Heartbleed <\/a>or Shellshock that took the Internet by storm. It is hard to exploit.<\/p>\n<p><span style=\"font-size: 15px; color: #006bb2; font-weight: bold;\">So, Why POODLE should not worry you much? Here\u2019s why!<\/span><\/p>\n<p>An attacker who intends to use the POODLE vulnerability, has to come in between you and the website you are visiting. And one of the most likely ways an attacker can do this is when you are accessing your online account on an unsecured public Wi-Fi network.<\/p>\n<p><span style=\"font-size: 15px; color: #006bb2; font-weight: bold;\">So, is disabling SSL 3.0 support a solution?<\/span><\/p>\n<p>While disabling SSL 3.0 support will mitigate the risk, it might present compatibility problems with older web browsers and servers. So, for now, end users can take the following measures:<\/p>\n<p><strong>1.<\/strong> Avoid accessing online accounts on unsecured Wi-Fi; this even includes your instant messaging services like WhatsApp.<\/p>\n<p><strong>2.<\/strong> Ensure that your browser is configured to automatic updates.<\/p>\n<p>The POODLE bug story is developing. We will keep you posted about this as we collect more information. Stay tuned to our blog, and stay safe!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There\u2019s a new security bug in town. Technically, it is called CVE\u00ad-2014\u00ad-3566, and elsewhere, as the Poodle Bug. Three Google engineers have discovered this security vulnerability in SSL version 3. Let\u2019s know how this vulnerability may affect you. What is SSL? SSL (Secure Sockets Layer) is an encryption service that keeps your Internet communications (such [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":79288,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[92,36,6],"tags":[1060,1061,1062,38,1063,1064],"class_list":["post-79286","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-google","category-security-patch","category-tips","tag-poodle","tag-poodle-bug","tag-ssl","tag-vulnerability","tag-web-server","tag-website"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/79286"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=79286"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/79286\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=79286"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=79286"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=79286"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}