谷歌安全人員發現Poodle漏洞

A new vulnerability in the basic software used to secure the web has been discovered by cyber security researchers at Google, who have dubbed the flaw “Poodle”.

谷歌(Goole)網絡安全研究人員在爲互聯網加密的基礎軟件中發現了一個新的漏洞，並將它命名爲“Poodle”。

Poodle is the latest in a string of flaws being discovered in the architecture of the web. They include Heartbleed, which was also a vulnerability in the way websites form secure connections to send information, and more recently Shellshock, which had existed for over two decades.

Poodle是在互聯網架構中發現的一系列漏洞中的最新一例。此前發現的漏洞包括“心臟出血”(Heartbleed)漏洞，它也是網站在建立安全鏈接以便傳遞信息的過程中出現的漏洞。其他還包括Shellshock漏洞，這個漏洞已存在了逾20年。

Cyber criminals could use the hole in SSL version 3.0 to obtain information that is meant to be encrypted in plain text but – so far – there is no evidence it has been used by hackers.

這個漏洞存在於SSL 3.0協議中，網絡犯罪分子能夠利用它明文獲取本該加密的信息。不過，到目前爲止，尚無證據表明曾有黑客利用過這一漏洞。

Unlike the Heartbleed bug, which affected two-thirds of the internet when it was first discovered in April – also by someone on Google’s security team – “Poodle” only affects websites using this old version of the software, and others who are communicating with those sites.

Poodle漏洞只會影響使用舊版本SSL軟件的網站，以及與這些網站有通信往來的站點。這一點與“心臟出血”漏洞不同，在今年4月首次發現時，心臟出血漏洞影響到了互聯網上三分之二的網站。

It is hard to track exactly how many sites could contain the flaw as SSL 3.0 dates back 15 years. But Cloudflare, a web performance and security company which stands in front of 5 per cent of the web’s traffic, said it could see less than 1 per cent of the sites using this version.

由於SSL 3.0協議已有15年曆史，目前很難確切跟蹤到底有多少網站帶有這一漏洞。不過，網絡性能和安全公司Cloudflare表示，該公司認爲仍在使用這一版本協議的網站不到1%。目前，Cloudflare監測着5%的網絡流量。