评论
打印
A new vulnerability in the basic software used to secure the web has been discovered by cyber security researchers at Google, who have dubbed the flaw “Poodle”.
谷歌(Goole)网络安全研究人员在为互联网加密的基础软件中发现了一个新的漏洞,并将它命名为“Poodle”。
Poodle is the latest in a string of flaws being discovered in the architecture of the web. They include Heartbleed, which was also a vulnerability in the way websites form secure connections to send information, and more recently Shellshock, which had existed for over two decades.
Poodle是在互联网架构中发现的一系列漏洞中的最新一例。此前发现的漏洞包括“心脏出血”(Heartbleed)漏洞,它也是网站在建立安全链接以便传递信息的过程中出现的漏洞。其他还包括Shellshock漏洞,这个漏洞已存在了逾20年。
Cyber criminals could use the hole in SSL version 3.0 to obtain information that is meant to be encrypted in plain text but – so far – there is no evidence it has been used by hackers.
这个漏洞存在于SSL 3.0协议中,网络犯罪分子能够利用它明文获取本该加密的信息。不过,到目前为止,尚无证据表明曾有黑客利用过这一漏洞。
Unlike the Heartbleed bug, which affected two-thirds of the internet when it was first discovered in April – also by someone on Google’s security team – “Poodle” only affects websites using this old version of the software, and others who are communicating with those sites.
Poodle漏洞只会影响使用旧版本SSL软件的网站,以及与这些网站有通信往来的站点。这一点与“心脏出血”漏洞不同,在今年4月首次发现时,心脏出血漏洞影响到了互联网上三分之二的网站。
It is hard to track exactly how many sites could contain the flaw as SSL 3.0 dates back 15 years. But Cloudflare, a web performance and security company which stands in front of 5 per cent of the web’s traffic, said it could see less than 1 per cent of the sites using this version.
由于SSL 3.0协议已有15年历史,目前很难确切跟踪到底有多少网站带有这一漏洞。不过,网络性能和安全公司Cloudflare表示,该公司认为仍在使用这一版本协议的网站不到1%。目前,Cloudflare监测着5%的网络流量。
