POODLE is a new web security flaw discovered by Google


Web security during this year has been an incredibly hot subject with multiple exploits finding their way into the mainstream and affecting millions of users around the world. Although this is not of the same volume as Heartbleed, POODLE is an SSL 3.0 security flaw that could let attackers acquire the plaintext of connections that are supposed to be secure, thus gaining information about the user and access to various systems.

As you may already know, SSL 3.0 is very old in internet years, 15 years old as a matter of fact. Although it is not as widely used anymore, almost every browser out there still supports it. The bad news is that this flaw cannot be fixed so the only solution is to completely ignore SSL 3.0 but this might cause compatibility issues and it is not exactly the greatest workaround.

Still, Google (and probably others) are working on a workaround that will see browsers disabling the fallback to SSL 3.0 and instead forcing them to use newer protocols. Expect to see this fix in the next patch of pretty much every major browser. Until then, I doubt we will see any significant security threat as all companies learned about this before anything happened.