Warning: New POODLE Bug Presents MAJOR Network Security Risk!

by

January 7, 2015

You might be familiar with bugs known as Heartbleed and Shellshock – now businesses must be made aware of a new bug called POODLE. While it may sound harmless due to its somewhat inane name, POODLE actually presents a major risk to your company’s web security.

What Is POODLE?

POODLE is actually an acronym for ‘Padding Oracle On Downgraded Legacy Encryption’. It sounds confusing, but the danger that the bug presents is relatively simple: POODLE allows hackers to access and steal information on encrypted connections.

The bug hijacks pieces of information by using an outdated web communication protocol, leaving systems susceptible to information theft.

How Do They Do It?

When you don’t have to log into your e-mail account each time you use it, this is because your browser has a cookie installed which lets your e-mail know that you are who you claim to be. If a hacker tricked you into connecting to a bogus wireless hotspot, for example, this bug could allow them to steal a cookie from your computer. This would give hackers a chance to steal enough information from a web connection that they that they would then be able to steal your cookies and effectively pretend to be you.

The Danger

When POODLE emerged earlier this year, security officials got to work and quickly patched many of the sites that were most vulnerable. Unfortunately, it seems, the experts did not go far enough. The bug formerly attacked an outdated version of SSL (Secure Socket Layer), which is no longer used on modern browsers, but is around due to some older sites, which still require it. Another newer layer of security called TLS (Transport Layer Security) has now been found to also be susceptible to POODLE and a fix has yet to be implemented.

Most troubling is that several banks and corporations are susceptible the new iteration of this bug. Banks at risk include Chase, Bank of America, Citibank, HSBC and SunTrust.

Are you concerned about your businesses web safety in the face of new threats like POODLE?

There are ways to keep your browser safe and to find out whether or not you’re at high risk for such bugs. Integris wants to make sure you’re doing everything you can to keep your company’s web presence and security safe. For more information, contact us via phone at (888) 330-8808 or through e-mail at {e-mail}.

We're Integris. We're always working to empower people through technology.

Keep reading

Benefits of a NIST Cybersecurity Framework Risk Assessment

The National Institute of Standards and Technology (NIST) released the cybersecurity framework risk assessment in 2014. It is an impressive and detailed resource that allows a wide range of industries to better manage and understand their cybersecurity efforts. Many...

Information Technology Consulting Firms: Tips for Common IT Problems

When you run a business, you will run into standard information technology (IT) issues. Security breaches, broken technology, lost data, and forgotten login information will happen in only a matter of time – which is why it’s crucial to have information technology...