Three researchers from Google have stated in a report regarding the online security bug called POODLE (Padding Oracle on Downgraded Legacy Encryption). After a bug called “HeartBleed” detected in April in SSL technology, “Shellshock” in the tool called Bash used by Unix OS, found in September; it’s the consecutive third time this year that a serious bug known as PODDLE is found in SSL 3.0 encryption technology. Google is spreading awareness not to use this protocol. This attack allows hackers to track and replace the potential data being sent and received through a HTTPS session. Thus, Google warns every admin to patch-up all the data exploiting the newly discovered security hole. Google, for securing all the web servers, suggests a technical review; and suggested to remove the support of SSL 3.0 from all client software. “SSL version 3.0 is no longer secure. Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible”, said Mozilla. Attackers would attack by “man-in-the-middle” strategy. They would place themselves between website and victim by approaches like creating rogue WiFi “hotspots” in Internet cafes and workplaces. So, it is advisable to disable SSL 3.0 encryption standard as soon as possible to save yourself from the vulnerable web attack.
0 Comments
Leave a Reply. |
Archives
December 2022
Categories
All
|