It turns out that Secure Sockets Layer (SSL) encryption that we report as secure internet communication is vulnerable. Today researchers from Google have announced (PDF) that they have discovered a bug (POODLE) in SSL 3.0. The exploit could be used to track sensitive data that is supposed to be encrypted between the client and the server.
The exploit first allows attackers to launch a "downgrade dance" or "downgrade dance" as reported by Google, telling the customer that the server does not support the most secure TLS (Transport Layer Security) protocol, and forces it to connect via SSL 3.0. From there, he can perform a man-in-the-middle attack to decipher secure HTTP cookies. Google calls POPODLE vulnerability (Padding Oracle On Downgraded Legacy Encryption).
In other words, your data is no longer encoded. Google researchers, Bodo Möller, Thai Duong and Krzysztof Kotowicz, recommend disabling SSL 3.0 on servers and clients. The server and client will predefine TSL to make a secure connection and exploitation will not be possible.
For end-users, if your browser supports it, disable SSL 3.0, or even better use TLS_FALLBACK_SCSV (Transport Layer Security Signaling Cipher Suite Value) tools. This will prevent downgrading attacks. Google said it would launch testing on Chrome to disable the use of SSL 3.0 before removing protocol support from all its products in the coming months. In fact, there is already one available Chromium patch which disables SSL.
The foundation Mozilla is planning also disable SSL 3.0 in Firefox. "SSLv3 will be disabled by default in Firefox 34, which will be released on November 25."
Anyone interested in disabling SSL 3.0 in Firefox can do so with SSL Version Control add on for Firefox.
Follow us on Google News 
