What is POODLE and how do I protect myself?



  • **What is POODLE?
    **
    POODLE stands for Padding Oracle On Downgraded Legacy Encryption. What that means in practical terms is that there is a vulnerability in the SSLv3 communication protocol that allows for man-in-the-middle attack on secure HTTP connections

    **Can you repeat that in English?
    **
    This vulnerability can allow a compromised WIFI hotspot or ISP to snoop on your secure connections. A man in the middle attack is like the game of telephone with three people, and the person in the middle is the bad guy. He or she intercepts encrypted communications and can decrypt them to snoop passwords or other confidential data. For instance if you are doing online banking then a malicious man-in-the-middle could get your password and other confidential data transmitted.

    **When will this be fixed?
    **
    There is currently no fix or patch for this vulnerability. SSLv3 is an older version of the HTTPS protocol, and is only used for compatibility for older browsers and has been replaced by the newer TLS 1.0 protocol.

    **How can I protect myself and my users?
    **
    Make sure you and your users are using an up to date browser, and turn off SSLv3 for your browser. Here are instructions for Internet Explorer and Chrome, and here are instructions for Firefox. You can share these instructions to your users as well.

    This page will also tell you if SSLv3 is on or off in your browser to confirm that you've disabled it.

    For server side checking, you can go here: https://zmap.io/sslv3/.

    For the lighter side, here is our movie idea we are pitching.

    poodlenado.jpg



  • Good info, thanks!

    Now get on producing that movie!



  • Great. When do we get a link to the movie? 😉



  • Good explanation, and better picture! Thanks for sharing!



  • Thanks.


Log in to reply