Blog

Rajib Singha
Beware of the Poodle Bug!
October 16, 2014

There’s a new security bug in town. Technically, it is called CVE­-2014­-3566, and elsewhere, as the Poodle Bug. Three Google engineers have discovered this security vulnerability in SSL version 3. Let’s know how this vulnerability may affect you.

Poodle

What is SSL?

SSL (Secure Sockets Layer) is an encryption service that keeps your Internet communications (such as your connection to your bank’s website, online shopping site, etc.) private and from getting into the wrong hands.

How POODLE bug affects SSL 3.0

SSL 3.0 is an 18-year old technology. Although stronger encryption technologies such as TLS (Transport Layer Security) are now in force, SSL 3.0 is still used in 1% of web traffic, and supported by 95% of web browsers.

Coming to POODLE, it stands for ‘Padding Oracle On Downgraded Legacy Encryption’. It is a security flaw that exists in SSL version 3. Under the right conditions, the POODLE bug can allow an attacker to access your session cookies. With this information at hand, an attacker can take control of your online accounts including your email, banking and social networking account.

Now all this may sound scary, but the POODLE bug is not as threatening as Heartbleed or Shellshock that took the Internet by storm. It is hard to exploit.

So, Why POODLE should not worry you much? Here’s why!

An attacker who intends to use the POODLE vulnerability, has to come in between you and the website you are visiting. And one of the most likely ways an attacker can do this is when you are accessing your online account on an unsecured public Wi-Fi network.

So, is disabling SSL 3.0 support a solution?

While disabling SSL 3.0 support will mitigate the risk, it might present compatibility problems with older web browsers and servers. So, for now, end users can take the following measures:

1. Avoid accessing online accounts on unsecured Wi-Fi; this even includes your instant messaging services like WhatsApp.

2. Ensure that your browser is configured to automatic updates.

The POODLE bug story is developing. We will keep you posted about this as we collect more information. Stay tuned to our blog, and stay safe!

SHARE THIS STORY

Have something to add to this story? Share it in the comments.

Rajib Singha
About Rajib Singha
Rajib is an IT security news junkie and a security blogger at Quick Heal. He is passionate about promoting cybersecurity awareness, content and digital marketing,...
Articles by Rajib Singha »

105 Comments

Your email address will not be published.

CAPTCHA Image

  1. Musa ahmoduOctober 17, 2014 at 1:20 PM

    Thanks for this vital info, looking forward to more update on the POODLE BUG.

    Reply
  2. B.J.MASSAWEOctober 17, 2014 at 1:31 PM

    THANKS FOR THE INFORMATION.

    Reply
  3. thanks

    Reply
  4. sooryanarayananOctober 17, 2014 at 3:12 PM

    Thanks for the timely information,,,Also updated automatically…Why should we worry

    when QUICK HEAL is protecting my computer….Am Right?

    Thank u sir…

    Reply
  5. thanks. hope Quick Heal is protecting us

    Reply
  6. please mail me all suggestions

    Reply
    • Hi Mayur,

      You can bookmark this page and save the information on your computer. You can also subscribe to our blog for receiving such news on a regular basis.

      Regards,

      Reply
  7. Phiroze MehtaOctober 17, 2014 at 5:00 PM

    Thank you for the warning. But is a QH user vulnerable if computer usage is not very regular?

    Reply
  8. Thanks for this information……

    Reply
  9. Mayur DesaiOctober 17, 2014 at 6:01 PM

    WE r waiting for Quick heal online shopping Security …….

    Reply
  10. Vishwadeep PatilOctober 17, 2014 at 6:44 PM

    Thanks and update us about POODLE bug next time

    Reply
  11. Vishwadeep PatilOctober 17, 2014 at 6:44 PM

    thanks n update us

    Reply
  12. shailesh patelOctober 17, 2014 at 6:47 PM

    start the quic heal anti virus

    Reply
  13. great info ragib..

    Reply
  14. Nagnath JirvankarOctober 17, 2014 at 7:04 PM

    Thanks for giving this information…..

    Reply
  15. Prof C B SinghOctober 17, 2014 at 7:06 PM

    It appears significantly more relevant for those who are fond of using pirated Windows and rest everything either pirated free for use. Re-think, the human life starting from birth to death is a paid service. Re-think be thankful to Quick Heal

    Reply
  16. a) we use wifi from mts or iphone hotspot. is this safe?
    b) how can we get such blogs , new bugs news on direct our cellphones via sms or email?
    c) is whatsapp so unsecured? major coys are subscribing and not using sms now….
    d) QuickHeal which version is enuf for such internet bugs ?

    Reply
    • Hi Ranjan,

      – If you are using secured Wi-Fi connection, then you are safe.
      – Please subscribe to your blog post by proving your email address on the Stay Updated section (right hand side of this post)
      – We cannot comment on the security of WhatsApp. However, we recommend users not to share any private, intimate, financial or confidential information over this platform.
      – Every Quick Heal product is designed to protect users from Internet and malware threats. Learn more about these products here – http://www.quickheal.co.in/home-users

      Regards,

      Reply
  17. George OommenOctober 17, 2014 at 8:06 PM

    Thanks for the information

    Reply
  18. Hiralal shahOctober 17, 2014 at 8:33 PM

    Thank you for alerting us.

    Reply
  19. subham sahooOctober 17, 2014 at 8:35 PM

    please tell how to be protected from this virus?

    Reply
  20. Yogesh B KakkadOctober 17, 2014 at 8:35 PM

    Thanks

    Reply
  21. renukadas u dixitOctober 17, 2014 at 8:49 PM

    thanks for giving very valid information

    Reply
  22. I AM USING QUICK HEAL TOTAL SECURITY ON MY LAPTOP.HAVING OP SYS AS WINDOW XP.
    WILL THE QUICK HEAL TOTAL SECURITY NOT PROTECT AGAINST Poodle Bug

    Reply
    • Hi Chander,

      As mentioned in the post, to exploit the POODLE BUG, an attacker has to come in between you and the website you are visiting. This area of vulnerability is off-limits for any antivirus software. So, it depends on the user to be more cautious, which, in this case means not using unsecured Wi-Fi network.

      Regards,

      Reply
  23. Chetan PatelOctober 17, 2014 at 9:59 PM

    THANKS FOR THE INFORMATION.

    Reply
  24. Manohar ChaudhariOctober 17, 2014 at 10:05 PM

    Thanks for information

    Reply
  25. Pradip MondalOctober 17, 2014 at 10:16 PM

    I AM USING QUICK HEAL TOTAL SECURITY ON MY LAPTOP.HAVING OP SYS AS WINDOW7.
    WILL THE QUICK HEAL TOTAL SECURITY NOT PROTECT AGAINST Poodle Bug

    Reply
    • Hi Pradip,

      As mentioned in the post, to exploit the POODLE BUG, an attacker has to come in between you and the website you are visiting. This area of vulnerability is off-limits for any antivirus software. So, it depends on the user to be more cautious, which, in this case means not using unsecured Wi-Fi network.

      Regards,

      Reply
  26. thanks for your kind informetion.

    Reply
  27. shantanu kumar jenaOctober 17, 2014 at 11:25 PM

    thanks .

    Reply
  28. Mahesh kumar sihagOctober 17, 2014 at 11:35 PM

    Thaks sir.

    Reply
  29. Thanks for telling

    Reply
  30. nice information. thanks.

    Reply
  31. Thanks a lot

    Reply
  32. Thanks for the information.

    Reply
  33. Animesh N MistryOctober 18, 2014 at 6:23 AM

    thks for update

    Reply
  34. raficul islamOctober 18, 2014 at 11:35 AM

    thank u for this important information. plz keep this relation so that we can not fall in trap

    Reply
  35. thanks , was useful to me

    Reply
  36. Thanks for this vital information, looking forward to more update on this BUG.

    Reply
  37. Haradhan MohajanOctober 18, 2014 at 2:45 PM

    Thanks.

    Reply
  38. thanx for valuable information

    Reply
  39. Useful information. Thanks. Please keep us updated.

    Reply
  40. Satish DivyaOctober 18, 2014 at 3:04 PM

    Grand thanks

    Reply
  41. Satish DivyaOctober 18, 2014 at 3:05 PM

    Supper

    Reply
  42. Thanks for the information.

    Reply
  43. Pradip BuvejaOctober 18, 2014 at 4:00 PM

    Thx for the enlightenment. I will act accordingly and might stay safer online.

    Reply
  44. bablu upadhyaOctober 18, 2014 at 5:04 PM

    thks for update

    Reply
  45. JASHUBHAI M PATEL KAPADWANJOctober 18, 2014 at 5:34 PM

    thanks for the information

    Reply
  46. kaushal kishorOctober 18, 2014 at 5:55 PM

    Thanks for the information

    Reply
  47. thanksfor information

    Reply
  48. THNK U

    Reply
  49. Gopal ShresthaOctober 18, 2014 at 10:59 PM

    Thanks for useful information.

    Reply
  50. dr g s rekhiOctober 18, 2014 at 11:27 PM

    thanks for info!
    if my quick heal is updated reg and working , do i need to worry or do anyother thing , pls advise .dr rekhi

    Reply
    • Hi Dr. Rekhi,

      No, you need not worry if your Quick Heal product is regularly updated. Our virus databases are constantly working around the globe and resolving issues of hundreds of malware applications.

      Regards.

      Reply
  51. I am very-very thankful for the important information provided.

    Reply
  52. MY QUICK HEAL IS NOT UPDATING.. POP UP MSG SHOWING THAT PLEASE LOG IN BY ADMIN. BT ITS OPERATING FROM ADMIN..

    Reply
  53. Rahul GokhaleOctober 19, 2014 at 12:25 AM

    Nice tips everytime to protect our Pcs. Thanks!!! Does quickHeal Have any solution for TORNTV.com?

    Reply
    • Hi Rahul,

      “TornTv” is a video streaming, potentially unwanted program and may install third-party software additionally.

      It may collect information regarding your virtual activity, and this could be used by cyber criminals to flood your browsers with unreliable adware.

      Quick Heal detects the “Torn TV” PUP (Potentially Unwanted Program) in Antimalware module.

      To clean your system, in case it is infected with this PUP, follow the below steps (Take latest updates)

      1) Right click on QH system tray icon -> select “Launch Antimalware” or
      Open QH scanner -> Tools -> “Launch Antimalware”
      2) Click on “Scan Now” option.
      3) Scanning will start. If any PUP is found it will be shown in PUP’s files and folders.
      4) Make sure “Set System Restore Point before cleaning” check box is selected.
      4) Click on “Clean” option.
      5) It may ask to restart the system for proper cleaning.

      In case of any doubt you can raise a ticket on the below portal.

      http://support.quickheal.com/v4/

      Regards,

      Reply
  54. Swetang PatelOctober 19, 2014 at 8:01 AM

    Thanks For These INFO, inform Us about if there is some updates regarding POODLE BUG!!!!!!!!!!!!

    Reply
  55. Thanks for your kind information!

    Reply
  56. Dheeraj YadavOctober 19, 2014 at 9:46 AM

    Thanks sir ji for more info…

    Reply
  57. VAGHELA S.N.October 19, 2014 at 11:13 AM

    thanks

    Reply
  58. Thank u for d info.

    Reply
  59. shubhangi rajanwarOctober 19, 2014 at 2:16 PM

    thnks…………

    Reply
  60. thanksforthisinformation

    Reply
  61. Thanks for the information

    Reply
  62. Bidhu DebbarmaOctober 19, 2014 at 5:12 PM

    THANKS FOR THIS INFORMATION.

    Reply
  63. Quick heal nice application
    9710087414

    Reply
  64. i am using a personal wifi..can this still affect me?

    Reply
  65. DEBOBRATA PODDAROctober 19, 2014 at 6:47 PM

    I’m really impressed knowing this news about POODLE bug vulnerability in SSL version 3.Can you me more details about this vulnerability..

    Reply
  66. thanks for info it is vital n thnx to quick heal

    Reply
  67. surendra thakorOctober 19, 2014 at 8:03 PM

    pl.send alerts in hindi

    Reply
  68. KIRAN KUMAROctober 20, 2014 at 5:09 AM

    Thanks for alerting

    Reply
  69. Thanks for informing us about this we will take the precaution as per the insruction.

    Reply
  70. Thanx for quick heal to protect my phone

    Reply
  71. poodle bug solution and update quick heal

    Reply
  72. I would like to know more about this poddle bug.

    Reply
  73. Thanks but I’m scared.I don’t know much about encryption etc.but my wi-fi has WPA2 security. Is it sufficient for QHT.

    Reply
  74. Hello…
    I have a problem with my pc…im unable to open some of the websites in all browsers..when im seriously browsing something,my page navigates automatically to someother page…im unable to open any websites like songs.pk,downloadming,Movies25…pls resolve my problem…

    Reply
  75. anshu priyaNovember 5, 2014 at 5:44 PM

    i problem my facebook account jb mai apna fb open ki hu to close hi nhi ho rha h imean logout ho hi nhi rha h pls aap bataye ki logout kaise hoga , mai logout bar bar krti hu pr logout ho hi nhi raha h pls aap bataeye meri question ka sollution.

    Reply
  76. anshu priyaNovember 6, 2014 at 5:27 PM

    thanks bhiya mera problem solve ho gya apki wajah se thanks for ur suggestion

    Reply
  77. anshu priyaNovember 6, 2014 at 5:45 PM

    aap mujhe whatsapp k bare m bataeye kya mai pc par whattsapp chala sakti hu or mujhe ye bi pta h ki whatsapp pc pr chala sakti hu ek website h bluestacks.com es par download kr pc m run kra du to mai pc pr bi whatsapp chala sakti hu par maine sare procceess kr chuki hu nhi ho pa raha h pls bataye ki mere pc pr whattsapp kaise chalega yo bi ek – ek step bataye !

    Reply
  78. mere question ka answer abi tk nhi mila h ?

    Reply
  79. hello sir! sir mere lapy m quick heal antivirus h so ab end hone ja raha h so pls mujhe bataye ki “renew now” kar k mere lapy pr aa raha h notification and jb mai usse click krti hu “renew now” ko to new key magta h lekin quick heal to bola tha ki “renew now” krne se mujhe 2 month tk quick heal antivirus nhi barbana padega pr “renew now ” krne pr aisa kuch nhi hota h mujhe bataye ki kaise karu mai renew now or bolta h ki 20 days expire ur quick heal lieance pls renew now

    Reply
    • Hi Anshu,

      Thank you for using Quick Heal. We would request you to contact our Renewal Team, and they will be happy to assist you. Below is the contact details:

      020-66835945 / 020-6683559

      Regards,

      Reply
  80. or ha jb mai internet use krti hu to ek floder khulata h jisme likha rahta h ki There are new suspicious file entries in your quarantine floder , that are yet to be submitted to research
    Lab. Suspicious file submission ensures the detailed analysis of the file in reaserch lab of quick heal. After the detailed analaysis it can be added in the know virus signature data base which will be provided in updates to all user fir email mangata h submit krne k liye kya mai apna id de du pls aap mujhe bataye

    Reply