2 Easy steps to combat POODLE attack (SSL 3.0 website bug)

Poodle Attack

A new vulnerability called POODLE has been discovered. Websites using SSL certificates that make use of the SSL v3 protocol are affected. For the end user, this means that websites showing the green lock symbol in the address bar (secured websites where data is encrypted and sent over a secure layer, typically bank transactions) are at risk if they use SSL v3. A team at Google discovered this bug, which lets a hacker read, in plain text, data that is sent under SSL v3.

How to fix or protect yourself from POODLE attack?

Server side

You can check whether a given website is affected, that is, whether it uses the SSL v3 protocol, with this tool by Qualys SSL Labs. If it does, SSL v3 has to be retired by allowing only TLS 1.0 and above.
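The server-side check can also be scripted against a server you run. The following is an added example, not part of the original post: it builds a ClientHello that offers only SSL 3.0 and reports whether the reply is a ServerHello that selects that version. The function names, the cipher suite list and the sample replies are assumptions made for the illustration.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"  # wire encoding of protocol version 3.0

def build_sslv3_client_hello() -> bytes:
    """One SSL 3.0 record holding a ClientHello that offers SSL 3.0 and nothing newer."""
    # Assumed suite list: RSA_3DES_EDE_CBC_SHA, RSA_RC4_128_SHA, RSA_RC4_128_MD5
    suites = b"\x00\x0a\x00\x05\x00\x04"
    body = (SSL3 + os.urandom(32)                   # client_version, random
            + b"\x00"                                 # empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                            # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = ClientHello
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def classify_response(data: bytes) -> str:
    """Decide from the first bytes of the reply whether SSL 3.0 was negotiated."""
    # Layout: record type(1) version(2) length(2) | handshake type(1) length(3) | server_version(2)
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x02 and data[9:11] == SSL3:
        return "sslv3-accepted"      # ServerHello choosing 3.0: SSL v3 must be retired
    return "sslv3-rejected"          # alert, close, or anything else

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send the hello to a server you administer and classify its answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            sock.sendall(build_sslv3_client_hello())
            return classify_response(sock.recv(4096))
        except (ConnectionError, socket.timeout):
            return "sslv3-rejected"

# Constructed sample replies (not captured traffic)
SAMPLE_SERVER_HELLO = bytes.fromhex("160300002a02000026" "0300") + bytes(36)
SAMPLE_ALERT = bytes.fromhex("15030000020228")  # fatal handshake_failure

if __name__ == "__main__":
    print(classify_response(SAMPLE_SERVER_HELLO))
    print(classify_response(SAMPLE_ALERT))
```

A server that shares none of the three offered cipher suites will also answer with an alert, so a "sslv3-rejected" result from this short suite list is best confirmed with the SSL Labs tool.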

Client side

You can adjust your browser settings so that it uses only TLS v1.0 and above. That automatically keeps you from being exposed to SSL v3.0, which is vulnerable to the POODLE attack. You can follow these steps and adjust the following settings in your preferred browser.

Google Chrome
[Image: firefox_poodle]

Mozilla Firefox
[Image: chrome-poodle]

Internet Explorer
[Image: internetexplorer_poodle]

Update 1: Twitter has retired the SSL v3 protocol on the server side.

Update 2: Firefox 34 has removed support for SSL v3 to combat the POODLE attack.