Google team exposes vulnerability in SSL 3.0 encryption, so, well, the 15-year-old system may soon be history


Every passing day throws up newer issues around online security. Google researchers have now revealed that the much-used Secure Sockets Layer (SSL) 3.0 has a vulnerability. The team carried out an experiment called Padding Oracle On Downgraded Legacy (POODLE) to explore this. Essentially, it established that this weakness could be exploited by hackers to get into & make away with ostensibly encrypted online data.

The Google security team, comprising Bodo Möller, Thai Duong & Krzysztof Kotowicz, has now recommended disabling SSL 3.0 on both the server & the client side. That’s the only way to escape this. The other, of course, is to upgrade to the more sophisticated Transport Layer Security (TLS) 1.0 & 1.1 versions. In short, the SSL protocol may not be 100% hacker-proof.

Both TLS & its predecessor, SSL, are cryptographic protocols designed to provide communication security over the Internet. Once deployed, they enable safer communications between your browser & the Web server at the other end.

Here’s what the Googlers have posted on the official blog: SSL 3.0 is nearly 15 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue.

Google Chrome and our servers have supported TLS_FALLBACK_SCSV since February and thus we have good evidence that it can be used without compatibility problems. Additionally, Google Chrome will begin testing changes today that disable the fallback to SSL 3.0. This change will break some sites and those sites will need to be updated quickly. In the coming months, we hope to remove support for SSL 3.0 completely from our client products.
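The browser fallback and the TLS_FALLBACK_SCSV safeguard mentioned in the quoted post can be modelled in memory, with no network traffic. This Python code is an added example, not from Google or the original article; the class and function names are hypothetical, and the numeric values for the signalling cipher suite and the alert are taken from RFC 7507 rather than from this page.

```python
# Added example: in-memory model of version fallback and the TLS_FALLBACK_SCSV check.
# Names are hypothetical; SCSV and alert numbers are from RFC 7507 (not from the article).
SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
ALL_VERSIONS = (SSL3, TLS10, TLS11, TLS12)
TLS_FALLBACK_SCSV = 0x5600        # signalling cipher suite value
INAPPROPRIATE_FALLBACK = 86       # fatal alert sent when a downgrade is detected
PROTOCOL_VERSION = 70             # fatal alert: no version in common


class Server:
    def __init__(self, versions, honors_scsv):
        self.versions = set(versions)
        self.honors_scsv = honors_scsv

    def handshake(self, client_version, cipher_suites):
        """Return ("ok", negotiated_version) or ("alert", alert_number)."""
        # The SCSV marks this hello as a retry. If the server could have
        # spoken a newer version, the earlier failure was not its doing.
        if (self.honors_scsv and TLS_FALLBACK_SCSV in cipher_suites
                and client_version < max(self.versions)):
            return ("alert", INAPPROPRIATE_FALLBACK)
        usable = [v for v in self.versions if v <= client_version]
        if not usable:
            return ("alert", PROTOCOL_VERSION)
        return ("ok", max(usable))


def connect(server, client_versions, send_scsv, failing=()):
    """Client retry loop: newest version first, then older ones.

    `failing` lists versions whose attempts fail in transit, standing in
    for the connection failures the post says a network attacker can cause.
    """
    for attempt, version in enumerate(sorted(client_versions, reverse=True)):
        if version in failing:
            continue                      # handshake never completes; retry lower
        suites = [0x002F]                 # TLS_RSA_WITH_AES_128_CBC_SHA
        if send_scsv and attempt > 0:
            suites.append(TLS_FALLBACK_SCSV)   # only added on fallback retries
        result = server.handshake(version, suites)
        if result[0] == "ok" or result == ("alert", INAPPROPRIATE_FALLBACK):
            return result                 # success, or abort instead of going lower
    return ("failed", None)
```

The model also shows why disabling SSL 3.0 outright closes the issue: a client that no longer offers it has nothing to fall back to, so forced failures end in a failed connection instead of an SSL 3.0 session.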

 

 
