Researchers find new web encryption bug, warn of ‘Poodle’ attack

BOSTON, (Reuters) – Three Google Inc researchers have uncovered a security bug in widely used web encryption technology that they say could allow hackers to steal data in what they have dubbed a “Poodle” attack.

“Poodle” stands for Padding Oracle On Downloaded Legacy Encryption.

The problem is an 18-year old encryption standard, known as SSL 3.0, which is still widely used in web browsers and websites. It was disclosed in a research paper published late on Tuesday on the website of the OpenSSL Project, a group that develops the most widely used type of SSL encryption software.

Rumors that a new bug in OpenSSL software had been circulating on Twitter and technology news sites in recent days, prompting some corporate security professionals to prepare to respond to a major new threat this week.