Remember the POODLE vulnerability (aka “the poodle bug”)?
Discovered last October, it’s a means by which attackers could intercept supposedly secure SSL communications between your computer and a website. For instance, if you were logging into a secure website (such as an online bank) using WiFi in a coffee shop, a hacker sitting close by could sniff your confidential credentials as they whizz through the air.
Of course, every responsible website sprang into action – making sure that they weren’t putting their users at risk.
This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.
This server is vulnerable to the POODLE attack against TLS servers. Patching required. Grade set to F.
Six months after the world was warned about the POODLE bug, that’s pretty shocking.
Hey, banks. Do you think you could do us all a favour and take security a wee bit more seriously? Thanks.
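For anyone running a server who wants to check the first of those findings themselves, here is an added example (not part of the original article): a minimal probe that offers only SSL 3.0 and reports whether the server agrees to it. The function names, the cipher list and the result labels are assumptions made for this sketch.

```python
import os
import socket

SSL3 = b"\x03\x00"  # protocol version 3.0 as it appears on the wire
# CBC-mode suites (AES128-SHA, AES256-SHA, 3DES-SHA); constructed offer list
CBC_SUITES = (0x002F, 0x0035, 0x000A)


def build_ssl3_client_hello(random=None):
    """Return one SSL 3.0 record carrying a ClientHello that offers only SSL 3.0."""
    random = random or os.urandom(32)
    suites = b"".join(s.to_bytes(2, "big") for s in CBC_SUITES)
    body = (SSL3 + random + b"\x00"            # version, random, empty session id
            + len(suites).to_bytes(2, "big") + suites
            + b"\x01\x00")                      # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + SSL3 + len(handshake).to_bytes(2, "big") + handshake


def classify_reply(data):
    """Interpret the first bytes the server sent back."""
    if len(data) < 5:
        return "no-reply"                       # closed, silent or unreachable
    record_type, payload = data[0], data[5:]
    if record_type == 0x15:
        return "rejected"                       # alert record: handshake refused
    # Handshake record holding a ServerHello (type 2); server_version at offset 4
    if record_type == 0x16 and payload[:1] == b"\x02" and payload[4:6] == SSL3:
        return "ssl3-accepted"
    return "unknown"


def probe(host, port=443, timeout=5.0):
    """Send the hello to a server you operate and classify its answer."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_ssl3_client_hello())
            while len(data) < 11:               # record header + start of ServerHello
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
    except OSError:
        pass                                    # reset or timeout counts as no reply
    return classify_reply(data)
```

A result of `ssl3-accepted` corresponds to the "disable SSL 3" finding quoted above; the second finding, against TLS servers, is not something a version probe can detect.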
You can learn more about the POODLE vulnerability in the following video I made:
- The POODLE bug internet vulnerability! Watch this video then check your browser
- This POODLE bites: exploiting the SSL 3.0 fallback, Google.
- POODLE attacks on SSLv3, Adam Langley.
- Everything you need to know about the POODLE SSL bug, Troy Hunt.