Poodle, which literally stands for Padding Oracle on Downgraded Legacy Encryption, is a Man-In-The-Middle exploit that takes advantage of the way some browsers deal with encryption. Poodle can be used to target browser-based communication that relies on the Secure Sockets Layer 3.0 (SSL) protocol for authentication and encryption. SSL has in most cases been replaced by the Transport Layer Security (TLS) protocol, but some browsers will revert to SSL when a TLS connection isn't available.

When exploited, an attacker is capable of exposing encrypted information by standing between the sender and receiver (called MITM; more about this attack in the following chapter). The only way to prevent Poodle attacks is to stop using SSL 3.0. Use of this protocol among browsers is now minimal, though there might be cases where this protocol is still being used.

It took only one day for SSLv3-powered services to be moved to TLS, increasing from 3 percent to 11 percent worldwide from October 14...