By Praveen Kannan and Anna Strokolyst The Hotspot Shield team believes the internet should be open and secure …
Do you spend a lot of time surfing the Internet at public places such as Starbucks? There’s a new security bug that you should be aware of. This security vulnerability could give hackers access to your bank, social media, and email accounts!
This security hole is called POODLE. No, it doesn’t behave or bark like a dog. POODLE actually stands for “Padding Oracle On Downgraded Legacy Encryption.”
What is the POODLE bug?
POODLE is a security bug in version 3 of the Secure Sockets Layer protocol (SSLv3). It was recently discovered by Google researchers.
SSL protocol is used to encrypt internet communications between the browser and a website. SSLv3, an outdated security protocol, has mostly been replaced by its modern successor, Transport Layer Security (TLS).
The problem occurs when an attacker launches a Man-in-The-Middle attack to force your browser to downgrade to the SSLv3 security protocol, and then exploits a security hole in SSLv3 to decrypt encrypted website communications. The attacker can then steal your session cookies and take over your banking, social media, or email account.
Should you be worried?
An attacker can only exploit this security vulnerability if both you and the attacker are on the same network – for example, you are connecting to the Internet via a public WiFi network at Starbucks.
If you’re connecting to the internet at home, you should be safe from a POODLE attack.
How to protect yourself
If you are connecting to the Internet at public Wi-Fi hotspots, follow the preventive measures below to protect yourself from the POODLE exploit as well as other cyber attacks:
- Use a VPN – Using a VPN like Hotspot Shield is the best way to secure and protect yourself from hackers when using public WiFi. A VPN creates a secure tunnel between your device and the VPN server, and encrypts all your internet communications.
- Avoid doing any banking or online shopping while using public WiFi.
- Install the latest security patches and the latest anti-virus, anti-malware software and keep them updated.