Three Google Inc (NASDAQ:GOOGL) researchers have given a warning that there is an encryption bug that can be used to launch various attacks on user information. The researchers have called the possible attack “poodle,” meaning Padding Oracle On Downloaded Legacy Encryption. They have said that the bug can be exploited to steal user data from servers. The researchers indicated that they were able to breach a security protocol by exploiting the SSL 3.0 bug.
This new discovery comes in the wake of another discovery of Shellshock and Heartbleed bugs. Shellshock was the latest discovery and is said to enable hackers to take control of servers and send instructions without the need to be authorized by server administrators. Both Google Inc (NASDAQ:GOOGL) and Amazon.com acted fast to secure their servers and users from Shellshock vulnerability.
With Google Inc (NASDAQ:GOOGL) warning of imminent attacks if nothing is done immediately, many people are asking whether their data and personal information are really secured. Just recently, the biggest bank in the U.S. became a victim of a cyber attack where millions of user information was compromised. That’s not to mention other companies such as Home Depot, Apple Inc., and Target whose data have been compromised in the recent past.
The SSL encryption protocol has been used for 18 years mainly on web browsers for security.
Before Google Inc (NASDAQ:GOOGL) researchers released the information about the threat, a lot of rumors was already doing round on social media that there is a new bug in OpenSSL.
Experts have however been quick to point out that the security issue isn’t as serious as both Shellshock and Heartbleed as it only allows hackers to steal browser cookies before finding their way into user’s information. Nevertheless, it can be used to target specific individuals or institutions, making it an imminent and serious danger to those with sensitive data that can be accessed through browsers.
They have therefore recommended that SSL 3.0 be disabled to remove the risk.
This article has been written by Victor Ochieng.