Showing posts from January, 2015

Poodle – SSL Security Threat Explored

The poodle is a breed of dog with legs that resemble cotton candy. It is intelligent and a regular staple at dog shows. Even the friendliest dogs have the propensity to bite. Now we see all kinds of security alerts and snafus like Heartbleed and Shellshock! The latest addition is POODLE. It all started when a team at Google developed and tested an attack named POODLE (Padding Oracle On Downgraded Legacy Encryption), which uncovered a vulnerability in version 3 of the Secure Sockets Layer (SSL) protocol, or SSLv3 for short. SSLv3 is an obsolete but still-used encryption protocol in both older and newer web browsers. (It is an 18-year-old protocol that was replaced by the TLS protocol.) POODLE tries to force the connection between your web browser and the server to downgrade to SSLv3. The POODLE attack takes advantage of the protocol version negotiation feature built into SSL/TLS to force the use of SSL 3.0 and then uses this new vulnerability to decrypt sele