Google announced today that it has discovered a "vulnerability in the design of SSL version 3.0"
This allows the plaintext of secure connections to be calculated by a network attacker.
Google says that disabling SSL 3.0 support is enough to mitigate the issue, but that could cause compatibility issues. Therefore, the company has announced support for TLS_FALLBACK_SCSV, which will prevent SSL 3.0 from being used when a client attempts to retry a failed connection.
To prevent this attack, just update to latest version if you are using Google Chrome.
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
This POODLE bites: exploiting the SSL 3.0 fallback
googleonlinesecurity.blogspot.com
Leave a Reply