• Home
  • Latest
  • Fortune 500
  • Finance
  • Tech
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia

Trendingnow

1

Shark Tank's Kevin O'Leary says if he were 25 today, he'd chase these two booming opportunities in the world of AI

2

Even as Elon Musk calls philanthropy ‘very hard,’ everyday Americans gave a record $617 billion—despite feeling the squeeze over the cost of living

3

Egg companies made $1.22 billion in profit off a $6 carton — now they’re buying their way out of a price-fixing case with 53 million donated eggs

1

Shark Tank's Kevin O'Leary says if he were 25 today, he'd chase these two booming opportunities in the world of AI

2

Even as Elon Musk calls philanthropy ‘very hard,’ everyday Americans gave a record $617 billion—despite feeling the squeeze over the cost of living

3

Egg companies made $1.22 billion in profit off a $6 carton — now they’re buying their way out of a price-fixing case with 53 million donated eggs

The Poodle computer bug: The what, how, and why for business

Robert Hackett
By
Robert Hackett
Robert Hackett
Down Arrow Button Icon
Robert Hackett
By
Robert Hackett
Robert Hackett
Down Arrow Button Icon
November 12, 2014, 1:04 PM ET
Cyber security, piracy, hacker, bug, flaw, crack, skull
Cyber security, piracy, hacker, bug, flaw, crack, skullIllustration: DimaChe—Getty Images
Add Fortune on Google for similar content.

By now you’ve probably heard of a new computer bug called Poodle. Sure, the name is adorable. (It really stands for the far less cute “Padding Oracle On Downgraded Legacy Encryption.”) It was discovered by Google researchers two months ago. And, most importantly, cyber security researchers have determined that it’s less serious than the Heartbleed (from April) and Shellshock/Bash (from September) bugs.

But “less” is a relative term. The flaw demands a fix.

What you can do about it

Here’s the download if you’re willing to get a bit technical. If the web browsers on your machines still support the long since deprecated encryption protocol Secure Sockets Layer (SSL) 3.0, which is intended to securely connect computers and web servers, disable it yourself. It’s 15 years out of date.

As for which browsers: If you’re using Google Chrome version 40, you’re in good shape—SSL 3.0 is disabled by default. Mozilla will disable the protocol by default in the next version of its browser, Firefox 34, which is due later this month. All versions of Microsoft’s Internet Explorer support SSL 3.0; that support needs to be disabled through the Options menu. And as for Apple’s Safari, the company’s security update 2014-005 mitigates the vulnerability while still allowing SSL 3.0.

Until you deactivate SSL 3.0, you might want to avoid connecting to public Wi-Fi networks. Otherwise sophisticated attackers occupying a privileged position on your network may be able to intercept your data, steal your passwords and browser cookies, and masquerade as you on websites, allowing them to hijack your accounts.

“In terms of security, when a protocol becomes deprecated that’s about the time you say we need to get off this and get off this soon,” says Waylon Grange, a senior malware researcher at Blue Coat, a Sunnyvale, Calif. cyber security firm. “It means a vulnerability or weakness has been found and people know it can be attacked.”

In the world of encryption, a newer, more secure protocol, Transport Layer Security (TLS) 1.0, replaced SSL 3.0 in 1999. Since then, there have been two updates—TLS 1.1 in 2006 and TLS 1.2 in 2008. Another, TLS 1.3, is in the works.

“This is almost four versions now,” Grange adds, “at some point you need to say, ‘Let’s move up.’”

How we got here

Some businesses may not wish to retire older protocols like SSL 3.0 since they want to ensure they can connect with every last potential customer. That means accommodating people who have not updated their browsers in eight years, when Internet Explorer 7 enabled TLS 1.0 support by default. “Do you really want those guys still on your networks?” Grange asks, noting that their machines are likely vulnerable to a host of other flaws—and adding that SSL 3.0 transactions represent less than one percent of all web traffic.

“If a machine is vulnerable with this, it’s likely to have other vulnerabilities because it’s that old,” Grange says. “It’s putting your whole network at risk because of this ancient technology.”

Then again, retaining older protocols like SSL 3.0 also provides a fallback option for browsers should connection attempts by newer protocols not work, for whatever reason—an if-all-else-fails approach. The problem is that savvy hackers can sit on a network, scramble communications, and frustrate a machine’s attempts to connect with a server, forcing it to fall back on an outdated protocol. The hackers perpetuating this type of attacks, referred to as man-in-the-middle, can then implement Poodle and steadily decrypt transacted sensitive information.

Hugh Thompson, chief security strategist at Blue Coat, says companies should retire SSL 3.0 as soon as possible, even if they’re unsure what old devices relying on it may still be connected to their networks. If a browser embedded in a printer has no update option, “it may just be time to get rid of that printer,” he says.

Forgotten, outdated devices are bound to have issues, he says. “Almost certainly something will stop working.” Nevertheless, “You should definitely deprecate it,” he says. “It’s definitely worth it.”

What to take away from the incident

Disabling SSL 3.0 is not the only lesson to be learned from Poodle. Consider the bigger picture: In the past year, three high-profile bugs have rocked the business world.

In April, the web was hit by Heartbleed, a frighteningly pervasive encryption vulnerability. Five months later we were shocked by Shellshock, a slightly less worrisome bug (because it poses more of a technical challenge to hackers) yet one that bore grave implications (like the ability of a hacker to take over machines). Now we have Poodle—and more bugs are bound to surface.

As Internet companies begin to encrypt more traffic across the web, attackers are going to become even more interested in finding cryptographic weaknesses. Businesses must learn to cope, Thompson says.

“If you thought Heartbleed was the equivalent of a meteorite hitting a data center,” Thompson says, “you would do everything you could to clean up from the meteorite. But you wouldn’t have set up some big meteorite cleaning processes. These three signal that this is not a rare event. If that’s the case, there is a need to be able to build up a set of competencies around failure.”

That means putting in place agile response teams, building network forensic capabilities and updating to new versions of software and protocols in a timely manner. It’s a matter of setting up the right processes and practicing good network hygiene, Thompson says. There is no excuse to be caught unaware–especially if, in the end, it appears your company is more concerned with backward compatibility than security.

Next, read: “How Home Depot CEO Frank Blake kept his legacy from being hacked” by Jennifer Reingold.

About the Author
Robert Hackett
By Robert Hackett
Instagram iconLinkedIn iconTwitter icon
See full bioRight Arrow Button Icon
Add Fortune on Google for similar content.

Latest in

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025

Most Popular

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Fortune Secondary Logo
Rankings
  • 100 Best Companies
  • Fortune 500
  • Global 500
  • Fortune 500 Europe
  • Most Powerful Women
  • World's Most Admired Companies
  • See All Rankings
  • Lists Calendar
Sections
  • Finance
  • Fortune Crypto
  • Features
  • Leadership
  • Health
  • Commentary
  • Success
  • Retail
  • Mpw
  • Tech
  • Lifestyle
  • CEO Initiative
  • Asia
  • Politics
  • Conferences
  • Europe
  • Newsletters
  • Personal Finance
  • Environment
  • Magazine
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Fortune Brand Studio
  • Fortune Analytics
  • Fortune Conferences
  • Business Development
  • Group Subscriptions
About Us
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • Facebook icon
  • Twitter icon
  • LinkedIn icon
  • Instagram icon
  • Pinterest icon

Latest in

cc
CommentaryEducation
Former Trump official: Washington finally let Pell Grants pay for welding school, then buried the idea in 85 pages of red tape
By Caroline CasagrandeJuly 6, 2026
2 hours ago
C.H. Robinson’s CEO is running his AI transformation on Lean principles: ‘It’s been a game-changer for this company’
NewslettersCEO Daily
C.H. Robinson’s CEO is running his AI transformation on Lean principles: ‘It’s been a game-changer for this company’
By Diane BradyJuly 6, 2026
2 hours ago
r
EconomyGen Z
Gen Z was ‘jaded about employment before we ever entered the workforce’—now psychologists say the stare has hardened into something worse
By Nick LichtenbergJuly 6, 2026
4 hours ago
After a nearly 800% explosion, this AI stock’s U.S. debut could signal if the market can still boom—or is headed for a bust
AItech stocks
After a nearly 800% explosion, this AI stock’s U.S. debut could signal if the market can still boom—or is headed for a bust
By Jason MaJuly 5, 2026
12 hours ago
Meet Atlas, the humanoid robot that delivered the game ball.
InnovationSports
Meet the soccer-playing humanoid robot that just delivered the game ball at the Brazil v. Norway FIFA World Cup match
By Catherina GioinoJuly 5, 2026
14 hours ago
The supertanker tycoon making millions on Hormuz shuttle runs
EnergyShipping
The supertanker tycoon making millions on Hormuz shuttle runs
By Weilun Soon, Alex Longley, Anthony Di Paola and BloombergJuly 5, 2026
14 hours ago

Most Popular

Shark Tank's Kevin O'Leary says if he were 25 today, he'd chase these two booming opportunities in the world of AI
AI
Shark Tank's Kevin O'Leary says if he were 25 today, he'd chase these two booming opportunities in the world of AI
By Marco Quiroz-GutierrezJuly 5, 2026
21 hours ago
Even as Elon Musk calls philanthropy ‘very hard,’ everyday Americans gave a record $617 billion—despite feeling the squeeze over the cost of living
Success
Even as Elon Musk calls philanthropy ‘very hard,’ everyday Americans gave a record $617 billion—despite feeling the squeeze over the cost of living
By Preston ForeJuly 4, 2026
2 days ago
Egg companies made $1.22 billion in profit off a $6 carton — now they’re buying their way out of a price-fixing case with 53 million donated eggs
Law
Egg companies made $1.22 billion in profit off a $6 carton — now they’re buying their way out of a price-fixing case with 53 million donated eggs
By Wyatte Grantham-Philips and The Associated PressJuly 2, 2026
4 days ago
The stock market is about to suffer a 'snapback' and will lose much of this year's gains as 'speculation is hitting extreme levels,' BofA warns
Investing
The stock market is about to suffer a 'snapback' and will lose much of this year's gains as 'speculation is hitting extreme levels,' BofA warns
By Jason MaJuly 5, 2026
15 hours ago
Meet the Zillennials: The luckiest micro-generation in the workforce, born between 1993 and 1998
AI
Meet the Zillennials: The luckiest micro-generation in the workforce, born between 1993 and 1998
By Nick LichtenbergJuly 3, 2026
3 days ago
Mark Zuckerberg takes business calls on a jet ski wearing his $800 Meta glasses—and insists 'the other person could not tell'
Big Tech
Mark Zuckerberg takes business calls on a jet ski wearing his $800 Meta glasses—and insists 'the other person could not tell'
By Sydney LakeJuly 5, 2026
23 hours ago

© 2026 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.