When you talk on the Internet, you need to agree on a language with which to communicate. What if you want to talk privately? Well, there’s encryption for that. But just like any other sort of communication, you also need to have a form of encryption that you can use mutually with whomever you’re talking to. Since not all browsers use the same algorithms, servers sometimes have to retain compatibility with algorithms that can be quite dangerous. Google has just recently discovered an exploit that at this moment can affect millions of browsers worldwide that use such an algorithm, and we’re going to talk about it!

What Happened?

Remember that Heartbleed bug that was being reported in almost every tech website? Here’s the run-down if you don’t want to read an entire wall of text: OpenSSL (the encryption algorithm library used by many websites around the world) had a hole in it. Most medium and large websites plugged it up successfully by simply upgrading OpenSSL. That was all done and dusted until something else happened.

This time, what is being known as the POODLE exploit is once again plaguing Secure Sockets Layer (SSL), albeit a different version of it entirely. SSL 3.0 has a serious bug that allows hackers to easily decrypt cookies sent over the HTTP protocol. This will let them see personal information belonging to your login session and even allow them to impersonate you.

The Solution

SSL 3.0 is very old cryptography, dating back to the times when MySpace was still gaining traction as a social media website. In fact, the term “social media” wasn’t even very popular back then. Many of today’s millenials were either entering their teenage years or still playing in the dirt at recess in fifth grade. That’s how old it is, and servers are still using it!

poodlebug-ssllock

Since then some major improvements have been made, such as Transport Layer Security (TLS). This new cryptographic protocol eliminates many of the big issues that were present in SSL, such as vulnerabilities that led to certain attacks (such as cipher block chaining which was resolved in TLS 1.1). The only reason TLS needed a new acronym was that it was no longer “interoperable” in SSL. What we industrial know-it-alls mean when we say that something is “interoperable” is that it’s able to work with older versions of something.

So, SSL 3.0 is dead and now we’re using something known as TLS 1.2. The only problem is that there are still many browsers using SSL 3.0 for data transmission. Servers still support it as a safe fallback in case the browsers connecting to them do not support TLS. The worst part is that even if your browser advertises its compatibility with TLS, there’s no guarantee that the server won’t respond with SSL 3.0. Hackers can use this to force your browser and the servers sending you data to stick to the old protocol. For this reason and this reason only, the POODLE exploit is still a big deal.

Google has a proposal: Why don’t we just stop supporting SSL 3.0 and prompt everyone using it to upgrade? For people running servers and browser developers, the best advice from Google is to support TLS_FALLBACK-SCSV. Put simply, stop accepting SSL connections and only accept those on TLS.

Right now, Google says that it’s working on changes to Chrome to prevent it from falling back to SSL. Other browser developers may follow suit.

My best advice to you is to keep your browser up to date and make sure you don’t go to sites that you don’t trust. Other than that, you can also email website administrators with your concerns and link them to this article.

Any Other Helpful Advice?

If you think you have something helpful to add to this discussion, please go ahead and leave it in a comment! Everyone needs to be aware of everything they can do to maintain the security of all their information when browsing the Web.

You Will Surely Have A Corrupted WordPress Database Issue. Here Is How You Fix it

WordPress, like any other database driven application, is very prone to having the corrupted database issue. This article shows you how to recover from the issue and get your site back up working again.

Analyze Writing Errors with SlickWrite for Firefox and Chrome

Most spelling and grammar checkers in word processors spot obvious writing errors, but not the less obvious ones. Slick Write is a web service that analyzes writing errors as well as performs the usual spelling and grammar check.

Show Notification Counts on Pinned Tabs in Chrome

Do you use pinned tabs in Chrome as a way to keep up with your email and/or social networking sites – like Facebook, Twitter, and LinkedIn? Wouldn’t it be great if you could display notification counts for messages and unread items on your pinned tabs? Here’s how you can do so.

Setup Your Own Self-Hosted Survey Application and Create Unlimited Survey Forms

While there are tons of tools and services that you use to create survey forms and conduct surveys, If you wish to have full control over your data, LimeSurvey is a good survey application that you can install on your own server and host your own surveys.

8 Things You Should Do When Seeking Technical Support

Getting technical support is supposed to be easy, but sometimes we just make it more complicated. Here are things you should do to avoid getting stuck in support limbo.

Clef: Log In to WordPress Without Any Password

Tired of typing your username and password everytime you want to login to a site? Clef is a password replacement app that allows you to login without password.

How to Copy Multiple Texts in Firefox

For those who like copying text from multiple web pages, Text MultiCopy for Firefox allows you to copy multiple texts and paste them all at the same time.

How to Enable Private Tabs in Firefox

Private browsing in Firefox requires you to open a new window. The Private Tab addon allows you to open private tabs in Firefox instead of a separate window, making it easier for you to keep track of multiple sites at a time.

How to Get Rid of the Stickers in Comments on Facebook

Facebook added the sticker feature in its comments section. For those who dislike it, you can disable stickers in Facebook comments in Chrome and Firefox.

How Anonymous Are You on the Internet, Really?

If you really want to be anonymous on the web, here are a few things you got to know and also learn a couple of tenets.

How Facebook Scammers Use Disasters to Make Money from You

Facebook scammers love to turn the misfortune of others into an opportunity to make a quick buck. Here are some of the techniques they use.

Easily Make Old Extensions Work with Current Version of Firefox

Sometimes, you are not able to install old extensions as they are not compatible with your current version of Firefox. Here is how you can force compatibility and make them run.