The Transform Technology Summits start October 13th with Low-Code/No Code: Enabling Enterprise Agility. Register now!


Google today came forward with details on a new issue regarding the SSL protocol, just a few months after the Heartbleed incident brought SSL into the spotlight.

“This vulnerability allows the plaintext of secure connections to be calculated by a network attacker,” Bodo Möller, of the Google Security Team, wrote in a blog post today. “I discovered this issue in collaboration with Thai Duong and Krzysztof Kotowicz (also Googlers).”

The name of the attack: Padding Oracle On Downgraded Legacy Encryption, or POODLE.

One potential workaround: disabling the use of version 3.0 of SSL.

“In the coming months, we hope to remove support for SSL 3.0 completely from our client products,” Möller wrote.

Details on the vulnerability can be found here.

VentureBeat

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more
Become a member