By Jim Finkle BOSTON (Reuters) - Three Google Inc researchers have uncovered a security bug in widely used web encryption technology that they say could allow hackers to take over accounts for email, banking and other services in what they have dubbed a "Poodle" attack. The discovery of "Poodle," which stands for Padding Oracle On Downloaded Legacy Encryption, prompted makers of web browsers and server software to advise users on Tuesday to disable use of the source of the security bug: an 18-year old encryption standard known as SSL 3.0. It was the third time this year that researchers have uncovered a vulnerability in widely used web technology, following April's "Heartbleed" bug in OpenSSL and last month's "Shellshock" bug in a piece of Unix software known as Bash. Security experts said that hackers could steal browser "cookies" in "Poodle" attacks, potentially taking control of email, banking and social networking accounts. Even so, experts said the threat was not as serious as the two prior bugs. "If Shellshock and Heartbleed were Threat Level 10, then Poodle is more like a 5 or a 6," said Tal Klein, vice president with cloud security firm Adallom. The threat was disclosed in a research paper published on the website of the OpenSSL Project, which develops the most widely used type of SSL encryption software. Rumors of a bug in SSL software had been circulating in recent days, prompting some security professionals to prepare for a major new threat this week. Ivan Ristic, director of application security research with Qualys, said "Poodle" was not as serious as the previous threats because the attack was "quite complicated," requiring hackers to have privileged access to networks. Jeff Moss, a cyber adviser to the U.S. Department of Homeland Security, said attackers would need to launch a "man-in-the-middle" attack, placing themselves between victims and websites using approaches such as creating rogue WiFi "hotspots" in Internet cafes. Google suggested a technical workaround to secure web servers, but added on its blog that it hopes to eventually remove support for SSL 3.0 from all client software. Mozilla plans to disable SSL 3.0 by default in the next version of its Firefox browser, to be released on Nov. 25. (http://mzl.la/1DaxOwY). "SSL version 3.0 is no longer secure," Mozilla said on its blog. "Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible." Microsoft Corp issued an advisory suggesting that customers disable SSL 3.0 on Windows for servers and PCs. Representatives with Apple Inc could not be reached. An Oracle Corp spokeswoman had no immediate comment. Matthew Green, an assistant research professor of computer science at Johns Hopkins University said that disabling SSL 3.0 can be difficult for some computer users. "It's not going to take out the infrastructure of the Internet. But it's going to be a hassle to fix," Green said. (Reporting by Jim Finkle. Additional reporting by Kanika Sikk; Editing by G Crosse and Ken Wills)
The Senate minority leader previously said he had no hard feelings toward the men, but his actions said otherwise.
- Good Housekeeping
During a recent taping of 'Today With Hoda and Jenna,' NBC journalist Hoda Kotb called out Jenna Bush Hager for misunderstanding the topic discussed on the air.
The debate might've been even weirder than we thought.
Trump says that if he's reelected he won't use the powers of the presidency to punish his enemies, but adds that he'd be 'entitled to a revenge tour'
In an interview with Hugh Hewitt, Trump went on a tirade against news outlets that reported on Russian interference during the 2016 election.
- Buccaneers Wire
See what Rob Gronkowski had to say to Tom Brady following the GOAT's second retirement announcement
- Miami Herald
An elementary school teacher in Homestead was charged Wednesday with having sex with one of his students. The relationship, police said the 13-year-old victim told them, was “romantic” after referring to him as her “boyfriend.”
Jessie James Decker took a brief break from her jam-packed schedule to enjoy some fun in the sun with her friends. See her bikini pic here.
- Fox Weather
Doctors are warning of a dangerous fungal illness rapidly spreading across the country, especially those living or visiting the California and Arizona areas.
- USA TODAY Sports - Golfweek
‘Just a Hall of Fame player that didn’t create controversy’: For Jordan Spieth, one LIV member is missed more than others
"He was a friend of mine. He is a friend of mine. I just haven't seen him. But I always really enjoyed playing with him and being around him."
- NBC Sports BayArea
After Tom Brady's second retirement announcement, could another high-profile quarterback end up in the Bay?
In a new interview, Meghan Markle opens up about how she and Prince Harry were initially not able to afford their $14 million home in Montecito after stepping..
Tom Brady is looking back at special times with the people closest to him, which include ex Bridget Moynahan, with whom he shares son Jack
‘I promise to give all of my money away before I die’: World’s biggest YouTuber paid for 1,000 people to get eye surgery but is slammed for ‘making content out of people who can’t see’
1,000 people had their curable blindness paid for by a YouTuber - but the internet isn't happy.
- Patriots Wire
This was Bill Belichick's statement regarding Tom Brady's retirement on Wednesday.
- The Weather Network
A powerful surge of Arctic air diving south will bring some communities their coldest air in years.
Mahogany Geter, a model in Tennessee, was born with lymphedema in her left leg, which she says caused it to eventually swell to 100 pounds.
Let it go: Here are 3 crucial things you must 'say goodbye' to in retirement. Most folks can't do it — but can you?
Change doesn't have to be bad.
Warren Buffett’s right-hand man Charlie Munger, who once called crypto ‘rat poison,’ says we should follow China’s lead and ban cryptocurrencies altogether
“A cryptocurrency is not a currency, not a commodity, and not a security,” Munger said Wednesday in a WSJ op-ed. “It’s a gambling contract."
Alina Habba is withdrawing as Trump's lead attorney for E. Jean Carroll's rape claim. Last month, a federal judge sanctioned her $1 million for bad lawyering.
Donald Trump's new lawyer in the case, Joe Tacopina, has experience representing the Washington Commanders as well as rappers like Meek Mill.
Kylie Jenner was spotted in a thong bikini during a solo beach vacation—check out the pics.