The POODLE Vulnerability Meets The Watchdogs Of WSD

POODLE with cone of shameThe Internet got hit by its 3rd major security flaw of the year recently with the POODLE vulnerability. The vulnerability exploits an 18-year-old encryption technology called SSL (Secure Sockets Layer) 3.0, and comes on the heels of the Bash Bug in September and the Heartbleed vulnerability back in April.

POODLE, which stands for “Padding Oracle On Downloaded Legacy Encryption”, was discovered by three Google engineers, Bodo Möller, Thai Duong, and Krzysztof Kotowicz. The main risk with this security flaw is that someone on the same local network as you can potentially eavesdrop on your web browsing sessions, taking over anything from email to social media and online banking. This is particularly problematic if you’re connected to a public Wi-Fi network, such as at a local coffee shop.

At first glance, the POODLE security flaw might not seem like that big of a deal due to the fact that SSL 3.0 has largely been replaced by a newer encryption protocol, TLS (Transport Layer Security). However many older systems still use SSL 3.0, and complicating the issue is that even systems configured to use TLS can be forced by hackers to downgrade to an SSL connection, leaving the system vulnerable to attack.

According to a blog post by Bodo Möller:

“SSL 3.0 is nearly 18 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue.”

The only foolproof way of avoiding the POODLE vulnerability at this point in time is to disable SSL 3.0 altogether. The WebSight Design server team did just that for all of our web servers soon after the security flaw was announced.

It’s just another example of WSD staying on top of the latest threats in internet security, so you don’t have to.

About WSD

WebSight Design is a Bay Area web design and development firm started in 1995. We build and manage websites for large corporations, as well as small and mid-size businesses looking to expand their reach. We specialize in search engine optimization, social media management, hosting, mobile development, and more.

Contact us today to see how WSD can take your business to the next level with our wide range of design, development, and internet marketing services.