Many of the nation’s top banks, investment firms and credit providers are vulnerable to a newly-discovered twist on a known security flaw that exposes Web site traffic to eavesdropping. The discovery has prompted renewed warnings from the U.S. Department of Homeland Security advising vulnerable Web site owners to address the flaw as quickly as possible.
In mid-October, the world learned about “POODLE,” an innocuous acronym for a serious security flaw in a specific version (version 3.0) of
Secure Sockets Layer (SSL), the technology that most commercial Web sites use to protect the privacy and security of communications with customers.
When you visit a site that begins with “
https://” you can be sure that the data that gets transmitted between that site and your browser cannot be read by anyone else. That is, unless those sites are still allowing traffic over SSL 3.0, in which case an attacker could exploit the POODLE bug to decrypt and extract information from inside an encrypted transaction — including passwords, cookies and other data that can be used to impersonate the legitimate user.
