Last Tuesday, a trio of Google researchers disclosed an Internet-wide security vulnerability that has a cute name but potentially disastrous effects. POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption, is a new security hole that targets Secure Sockets Layer (SSL) 3.0. Since SSL protects data in transit between a website and its users, POODLE potentially allows hackers to decrypt HTTP cookies, which can be used to store personal information, website preferences or even passwords, depending on the situation. For example, POODLE could allow an attacker to hijack and decrypt the session cookie that identifies you to a service like Twitter or Google, and then take over your accounts without needing your password.
Since SSL 3.0 has largely been replaced by TLS (Transport Layer Security) and its successors, the easiest way to solve the problem should be simply to stop supporting SSL 3.0. Unfortunately, even though SSL is a fairly old protocol (15 years), it is still used in most web browsers as a fallback for countless servers in case modern protocols fail to connect. In addition, there are some products and browsers, like Internet Explorer 6 for Windows XP, that only use SSLv3. As a consequence, Google says that dropping support for SSL might lead to side effects, such as significant compatibility and connectivity issues.
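One way to size that compatibility risk before disabling SSL 3.0 is to audit your own access logs for clients that still negotiate it. The script below is an added example, not code from the researchers or from Google. It assumes an nginx log format of `$remote_addr $ssl_protocol "$http_user_agent"` (a hypothetical layout; `$ssl_protocol` is a real nginx variable), runs on constructed sample lines, and treats address plus user agent as a rough client identity.

```python
import re
from collections import defaultdict

# Constructed sample lines in the assumed log format:
#   $remote_addr $ssl_protocol "$http_user_agent"
SAMPLE_LOG = """\
203.0.113.5 TLSv1.2 "Mozilla/5.0 (Windows NT 6.1) Chrome/38.0"
203.0.113.5 SSLv3 "Mozilla/5.0 (Windows NT 6.1) Chrome/38.0"
198.51.100.7 SSLv3 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
198.51.100.7 SSLv3 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.9 TLSv1 "Mozilla/5.0 (X11; Linux x86_64) Firefox/32.0"
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r'^(\S+) (SSLv3|TLSv1(?:\.[0-9])?) "([^"]*)"$')


def audit_sslv3(log_text):
    """Classify each (address, user agent) pair by the protocols it negotiated."""
    seen = defaultdict(set)
    skipped = 0
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            skipped += 1  # count unparseable lines instead of hiding them
            continue
        addr, proto, agent = match.groups()
        seen[(addr, agent)].add(proto)

    report = {"sslv3_only": [], "fell_back": [], "tls_only": [], "skipped": skipped}
    for client, protos in sorted(seen.items()):
        if protos == {"SSLv3"}:
            # Never seen on TLS: likely breaks when SSL 3.0 is disabled.
            report["sslv3_only"].append(client)
        elif "SSLv3" in protos:
            # TLS-capable but also seen on SSLv3: the fallback path was taken.
            report["fell_back"].append(client)
        else:
            report["tls_only"].append(client)
    return report


if __name__ == "__main__":
    for category, clients in audit_sslv3(SAMPLE_LOG).items():
        print(category, clients)
```

Clients in `sslv3_only` are the ones that would lose connectivity, while `fell_back` entries can speak TLS and are worth investigating, since a downgrade to SSLv3 is what exposes them to POODLE.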