Threat Research

"Poodle" security hole has a nasty bite

Deborah Salmi, 15 October 2014

"Poodle" security hole has a nasty bite

poodles "Poodle" bites on open WiFi networks with multiple users.

A security hole called Poodle could allow hackers to take over your banking and social media accounts.

Yesterday, Google researchers announced the discovery of a security bug in version 3 of the Secure Sockets Layer protocol (SSLv3). This web technology is used to encrypt traffic between a browser and a web site, and can give hackers access to email, banking, social accounts and other services.

Poodle bites multiple users in unsecure open WiFi networks, like the ones you use at coffee shops, cafes, hotels, and airports.

“To exploit the vulnerability, you must be running javascript, and the attacker has to be on the same network as you—for example, on the same Starbucks Wi-Fi network you’re using,” explained Kim Zetter in a WIRED article.

Avast experts strongly recommend that our users protect themselves when using free WiFi with avast! SecureLine VPN.

Poodle is not considered as serious a threat as this past spring’s Heartbleed bug which took advantage of a vulnerability in OpenSSL, and or last month's Shellshock bug in Unix Bash software.

SSLv3 is an outdated standard (it’s a decade and a half old), but some browsers, like Internet Explorer 6, and older operating systems, like Windows XP, only use the SSLv3 encryption method. Google’s security team recommends that systems administrators turn off support for SSLv3 to avoid the problem, but warns that this change will break some sites.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.