Today, a new vulnerability named POODLE (Padding Oracle On Downgraded Legacy Encryption) was discovered by Google security researchers Bodo M\u00f6ller, Thai Duong, and Krzysztof Kotowicz. Instead of targeting the server directly as Heartbleed or ShellShock did, this exploit directly targets the clients that are visiting the sites.<\/p>\n
How is the attack executed?<\/p>\n
Individual clients are affected due to backwards compatibility built into most software. By default, browser such as Firefox, Chrome, and Internet Explorer will attempt to connect to the server using the highest TLS protocol version available, but if interrupted, will try a lower version which can include SSL 3.0. When this is done, an attacker can potentially compromise the traffic and gain information that would otherwise be encrypted.<\/p>\n
We have disabled SSL 3.0 within all shared hosting environments to resolve the issue.<\/p>\n
If you are on a VPS or dedicated server, your server is not automatically patched. If you have root access<\/a>, you may perform the steps outlined in our article on disabling SSL 3.0<\/a>. If you do not have root access, or are not comfortable performing these steps, you may submit a verified ticket to technical support<\/a> and they will be happy to make those changes for you.<\/p>\n Eventually, all software will be updated to remove the backward compatibility issue, but until that is done, you will need to apply workarounds to vulnerable software. While this exploit primarily applies to individuals passing information over a public network, it is always a good idea to safegard yourself at all times.<\/p>\nHow can I protect myself from vulnerable servers?<\/h2>\n
Vulnerable software and workarounds<\/h2>\n
Web browsers<\/h3>\n