BOSTON, (Reuters) – Three Google Inc researchers have uncovered a security bug in widely used web encryption technology that they say could allow hackers to steal data in what they have dubbed a “Poodle” attack.
“Poodle” stands for Padding Oracle On Downloaded Legacy Encryption.
The problem is an 18-year old encryption standard, known as SSL 3.0, which is still widely used in web browsers and websites. It was disclosed in a research paper published late on Tuesday on the website of the OpenSSL Project, a group that develops the most widely used type of SSL encryption software.
Rumors that a new bug in OpenSSL software had been circulating on Twitter and technology news sites in recent days, prompting some corporate security professionals to prepare to respond to a major new threat this week.