POODLE is an acronym for “Padding Oracle On Downgraded Legacy Encryption.” It is a bug in the old Internet security protocol SSL 3.0 that was discovered recently by Google security researchers.
Most websites today use the more secure protocol TLS (Transport Layer Security), but SSL is sometimes still used as a fallback in instances where TLS is not supported or fails.
In this case, the vulnerability could potentially allow an attacker to view data from a connection you thought was encrypted. Doh!
Thankfully, the POODLE flaw is relatively tricky to exploit, as it requires a hacker to first conduct what is known as a “man in the middle” attack. Now that firms are aware of the issue, they will no doubt be patching their software like crazy.
In the meantime, the way to go about taming this cheeky little pooch is to try to avoid using SSL wherever possible:
Update your browser software to the latest version as legacy software is most at risk.
Those using Mozilla Firefox can install an add-on that prevents the browser from using anything weaker than TLS v1, and users will be able to manually set this configuration in Firefox’s next update.
Internet Explorer 7 and its newer versions can also be configured to disable SSLv3 (SSL 3.0) through the Advanced tab in Internet Options.
Chrome users can disable the protocol by adding the command line argument --ssl-version-min=tls1 to force the browser to use TLS v1 for secure connections.
And while all this is happening, try to be that extra bit careful when using public Wi-Fi hotspots and other open network connections, just to be absolutely sure that the nasty old “man in the middle” is not listening.
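One way to confirm that a connection has not fallen back to SSL 3.0, added here as an example and not part of the original article: the Python code below reads the version field of a captured ServerHello record and flags anything below TLS 1.0. The function names are chosen for this example, and the sample records are constructed in the code rather than captured from a real server.

```python
import struct

SSL3, TLS1_0 = 0x0300, 0x0301  # wire values for SSL 3.0 and TLS 1.0
NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def negotiated_version(record: bytes) -> int:
    """Return the protocol version the server selected in a ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:                      # 0x16 = handshake record
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 6:
        raise ValueError("truncated handshake message")
    if body[0] != 0x02:                    # 0x02 = ServerHello
        raise ValueError("not a ServerHello")
    # body[1:4] is the handshake length; the selected version follows it.
    return struct.unpack("!H", body[4:6])[0]

def check(record: bytes, minimum: int = TLS1_0) -> str:
    """Report whether the selected version meets the minimum (TLS 1.0 by default)."""
    version = negotiated_version(record)
    name = NAMES.get(version, hex(version))
    if version < minimum:
        return f"ALERT: server selected {name}, below the {NAMES.get(minimum, hex(minimum))} minimum"
    return f"ok: server selected {name}"

def build_server_hello(version: int) -> bytes:
    """Constructed sample: a minimal ServerHello with a zeroed random and no session id."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, version, len(handshake)) + handshake

if __name__ == "__main__":
    for v in (SSL3, TLS1_0, 0x0303):
        print(check(build_server_hello(v)))
```

TLS 1.3 servers place 0x0303 in this field for compatibility, so they pass the check as well.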