poodleexploit
Latest
Google discovers another web security flaw that leaves browsers vulnerable
Get ready for Heartbleed deja-vu: Google just found an exploit in SSL 3.0 that could give attackers the ability to work out the plaintext traffic of a secure connection. It's calling the attack "POODLE," or Padding Oracle On Downgraded Legacy Encryption, and it allows a man-in-the-middle attacker to decrypt HTTP cookies. Cookies can be used to store personal information, website preferences or even passwords, depending on the situation. SSL 3.0 is a pretty old (15 years) protocol, but it's still used in most web browsers and as a fallback for countless servers in case modern protocols fail to connect. Prospective attackers can force a server to default back to SSL 3.0 for the sake of the exploit.
