16 October 2014
With so many online security problems making the news this year, it’s understandable that regular internet users might be feeling a bit worried. If you read about the latest vulnerabilities, you’d even be forgiven for thinking there was some kind of animal uprising, with words like “sandworm” and “poodle” hitting the headlines.
Of the two, the so-called SSL Poodle seems to have caused the most concern. A vulnerability in an SSL protocol invented about 18 years ago, the POODLE (Padding Oracle On Downgraded Legacy Encryption – see, techies have a sense of humour too) bug could potentially enable cybercriminals to decrypt encrypted connections to websites and steal data. Now, I know what you’re thinking: “Why hasn’t it been replaced if it’s ancient?” Well, it has – by something called TLS – but the old protocol is still on machines in order to maintain backwards compatibility.
However, whilst it does pose a minor threat, and whilst it’s obviously important to keep up to date with security issues, I’d caution against getting swept up in sensationalised news stories, as they can become a huge distraction. The exploit we’re talking about here isn’t as easy to carry out as Heartbleed was. It’s what is known as a “man-in-the-middle” attack, which means a hacker would need control of the connection between a browser and a server in order to steal files.
Ultimately, staying vigilant and keeping an eye on security advice and patches is the best way to react to news of exploits and bugs. So, I suppose what I’m saying here is try not to panic about this particular poodle. Its bark is worse than its bite.