Poodle SSL 3.0 Bug Fix

Security engineers from Google found a new bug that makes Internet users vulnerable to attack.  The Padding Oracle On Downgraded Legacy Encryption, shortened to Poodle, allows hackers to exploit older SSL 3.0 implementations.  While SSL 3.0 is old technology and used in very few sites, the problem lies in the way web browsers downgrade SSL requests.

Poodle will force your web browser to downgrade or fail back to SSL 3.0.  That would open your system up to attack.  This is a man in the middle attack so the hacker would need to intercept your network traffic.  That makes public wifi networks very vulnerable to vulnerabilities like Poodle,  Always use a VPN when your on a public wifi network.

There are steps you can take to protect your web browser from falling back to SSL 3.0.  So far we’ve found fixes for Firefox, Chrome and Internet Explorer.  If you use one or more of these web browsers I suggest you follow the steps listed below to protect against Poodle.

Poodle SSL Bug Fix

Mozilla Firefox Poodle Fix

Mozilla has announced that Firefox 34 will disable SSL 3.0 by default.  While that may break some sites that are way out of date it will protect you against Poodle.  Mozilla plans to release Firefox 34 on November 25th.  Make sure to enable auto updates to keep up with the latest Firefox releases.  Go to Preferences / Advanced / Update and check Automatically install updates.

I don’t know about you but I’d rather not wait over a month for the fix.  Mozilla has a fix for those who want protection against Poodle right away.  You can disable SSL 3.0 by installing the Firefox SSL Version Control extension.  That will help you immediately disable SSL version 3 which will protect you from the Poodle exploit.

Google Chrome Poodle Fix

The Poodle fix for Google’s Chrome web browser is a bit more technical.  You’ll want to close any open Chrome windows.  Then take the following steps based on which operating system you are using.

Windows – right click on the Chrome icon and click on Properties.  Now you’ll want to click on the shortcut tab.  From there you want to add a space after the end of the chrome.exe file path and add “–ssl-version-min=tls1” without the quotation marks.  Then click Apply and OK to apply the change.

Mac OS X – go to the Utilities folder and open the Terminal command-line app.  You can also hit Command+Shift+U to open it up.  From there type “/Applications/Google Chrome.app/Contents/MacOS/Google Chrome –ssl-version-min=tls1” without the quotation marks.

Linux – open a console window and type “google-chrome –ssl-version-min=tls1” without the quotation marks.

Microsoft Internet Explorer Poodle Fix

For Internet Explorer you’ll need to disable SSL 3.0 from within the browser settings.  To do so go to Tools and then Internet Options.  From there click on the Advanced tab.  Now scroll down to the security category.  From there you’ll want to uncheck Use SSL 3.0 and click Apply and then OK.

Please share this post with your family and friends so they can protect their web browsers against the Poodle exploit.  Follow us @VPNFan for the latest VPN and online privacy news.