Another day, another security vulnerability, and another cloud hack. Stop me if you’ve heard this before: “A newly discovered internet security vulnerability allows hackers to steal private account information from users.” Or how about, “Cloud storage service hacked. Millions of users affected.”
The newly discovered vulnerability, called “POODLE”, is neither cute nor furry, and it affects SSLv3. SSLv3, or version 3 of the Secure Sockets Layer protocol, is used to encrypt traffic between a browser and a web site or between a user’s email client and mail server. POODLE could allow an attacker to “hijack and decrypt the session cookie that identifies you to a service like Twitter or Google, and then take over your accounts without needing your password,” according to Wired. Additionally, to take advantage of the vulnerability, the hacker must be on the same network as you and you must be running JavaScript.
One major product affected by the vulnerability is Internet Explorer 6 for Windows XP. There is a fix for POODLE, but there are many concerns that it could debilitate those using IE 6. Although IE 6 is ancient, there are always holdouts using outdated browsers.
Additionally, in the latest cloud hacking saga, on Monday hackers claimed that they had stolen the logins for almost 7 million Dropbox users and were threatening to release the information unless they were paid a Bitcoin ransom. Dropbox claims that the site itself was not hacked, but rather third-party sites that upload data into the Dropbox cloud storage were.
Dropbox forced a password reset for affected accounts and suggests that those who weren’t affected change their passwords, just in case.