Against POODLE

Convene Gears Up Against POODLE

by Alexandrea Roman on and last update on July 05, 2019

After Heartbleed and Shellshock comes the latest security threat, POODLE. It sounds harmless and cute, but the innocuous name belies the danger this bug presents.

POODLE, an acronym for Padding Oracle On Downgraded Legacy Encryption, is a bug that exploits a weakness in version 3 of the Secure Sockets Layer protocol (SSLv3), which is a protocol that encrypts the traffic between a website and a browser, or between a web server and an email client. POODLE wreaks havoc by allowing hackers to decrypt session cookies that identify users to a web-based service. Once hackers have this information, they can hijack your accounts without having to know your passwords.

Modern browsers still support SSLv3 even when it’s already technically obsolete because it serves as a fallback option whenever stronger encryption mechanisms are not available. Based on reports, the vulnerability is not a problem with the implementation, but an issue with the protocol itself. Thus, there is no real workaround for this bug, and the best solution is to stop using it. To protect you from this vulnerability, we have completely disabled the use of SSLv3 on all our servers.

Your security is always our top priority. Rest assured that we are always updated on new threats, and that we are quick to respond to them to prevent any damage before it can start.

Share this article

Experience Azeus Convene