Google’s cyber security researchers have discovered a new vulnerability in the basic software used to secure the web, and they have named it ‘Poodle’. It is the latest in a series of flaws unearthed in the architecture and structure of the web. An earlier one was Heartbleed, a flaw in the method websites use to form secure connections for sending information. The more recent one was Shellshock, which had been around for two decades without being discovered.
The hole, found in SSL version 3.0, can be used by cyber criminals to obtain, as plain text, information that is meant to be encrypted. So far, however, there is no evidence that hackers have used the flaw. The Heartbleed bug, which had also been discovered by a member of Google’s security team, affected about two-thirds of the internet when it came to light in April of this year. By contrast, ‘Poodle’ exists only in websites that still run the older version of the software, and it affects the people who communicate through those websites.
It is difficult to determine how many websites are vulnerable to this SSL 3.0 flaw, which dates back 15 years. However, Cloudflare, a web performance and security firm that sits in front of about 5% of the traffic on the internet, said that as far as it could see, only 1% of websites were still using the old version, while the others had updated. Nick Sullivan, the company’s head of security engineering, said that on most sites only a dedicated hacker would be able to take advantage of the vulnerability, if malicious code has already been inserted in the website and users access it through a public Wi-Fi network.
According to him, this isn’t as major or risky as Shellshock or Heartbleed, which were a much greater threat. He said that most financial institutions had disabled this function because the country’s payment industry regulators would have recommended that they do so. Google security engineer Adam Langley stated on his personal blog that this vulnerability should be a matter for academic study only, but that because of the size of the internet, the flaw could be put to harmful use.
Krzysztof Kotowicz, Thai Duong and Bodo Möller are the three researchers at the search engine giant who discovered the vulnerability. In their blog post they recommended that websites stop communicating with those that were using the old software, even if it meant that some websites broke. The flaw came to light on the same day that Microsoft issued a patch for two flaws that had been discovered in almost every version of Windows. Poodle was also detected after analysts had warned that the basic structure of the internet was no longer fit for use in today’s world, especially after Shellshock’s discovery.