A new vulnerability in the basic software used to secure the web has been discovered by cyber security researchers at Google, who have dubbed the flaw “Poodle”.谷歌(Goole)网络安全研究人员在为互联网加密的基础软件中找到了一个新的漏洞,并将它命名为“Poodle”。Poodle is the latest in a string of flaws being discovered in the architecture of the web. They include Heartbleed, which was also a vulnerability in the way websites form secure connections to send information, and more recently Shellshock, which had existed for over two decades.Poodle是在互联网架构中找到的一系列漏洞中的近期一例。
此前找到的漏洞还包括“心脏发炎”(Heartbleed)漏洞,它也是网站在创建安全性链接以便传递信息的过程中经常出现的漏洞。其他还包括Shellshock漏洞,这个漏洞已不存在了逾20年。Cyber criminals could use the hole in SSL version 3.0 to obtain information that is meant to be encrypted in plain text but – so far – there is no evidence it has been used by hackers.这个漏洞不存在于SSL 3.0协议中,网络犯罪分子需要利用它明文提供就让加密的信息。
不过,到目前为止,尚不证据指出曾有黑客利用过这一漏洞。Unlike the Heartbleed bug, which affected two-thirds of the internet when it was first discovered in April – also by someone on Google’s security team – “Poodle” only affects websites using this old version of the software, and others who are communicating with those sites.Poodle漏洞只不会影响用于旧版本SSL软件的网站,以及与这些网站有通信往来的站点。这一点与“心脏发炎”漏洞有所不同,在今年4月首次找到时,心脏发炎漏洞影响到了互联网上三分之二的网站。
It is hard to track exactly how many sites could contain the flaw as SSL 3.0 dates back 15 years. But Cloudflare, a web performance and security company which stands in front of 5 per cent of the web’s traffic, said it could see less than 1 per cent of the sites using this version.由于SSL 3.0协议有数15年历史,目前很难清楚追踪究竟有多少网站具有这一漏洞。不过,网络性能和安全性公司Cloudflare回应,该公司指出仍在用于这一版本协议的网站将近1%。目前,Cloudflare监测着5%的网络流量。
本文来源:jbo竞博官网-www.simsodeptbt.com
