Turns out that the Secure Sockets Layer (SSL) encryption we’ve relied on for secure communication on the Internet has a vulnerability.
The exploit first allows attackers to initiate a “downgrade dance” that tells the client that the server doesn’t support the more secure TLS (Transport Layer Security) protocol and forces it to connect via SSL 3.0. From there a man-in-the-middle attack can decrypt secure HTTP cookies. Google calls this the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack.
continue reading: TheNextWeb.com
0 Comments