Three researchers from Google have discovered a security bug in widely used web encryption technology. The bug that according to them could allow hackers to take over accounts for email, banking and other services in an attack called ‘Poodle’ as dubbed by them.
Poodle that stands for Padding Oracle On Downloaded Legacy Encryption, is the third this year following April’s ‘Heartbleed’ bug in OpenSSL and last month’s ‘Shellshock’ bug in a piece of Unix software known as Bash. This time when researchers have again uncovered vulnerability in widely used web technology, they have prompted makers of web browsers and server software to advice users to disable use of the source of the security bug: an 18-year old encryption standard known as SSL 3.0.
By stealing browser cookies through ‘Poodle’ attacks, hackers could potentially take control of email, banking and social networking accounts. Still, experts say the threat is not as serious as the prior two.