Email vulnerable to 'Poodle' attack, Google warns

Three Google researchers have uncovered a security bug in widely used web encryption technology. They say it could allow hackers to take over accounts for email, banking and other services in what they have dubbed a Poodle attack.

The discovery of Poodle, which stands for Padding Oracle On Downloaded Legacy Encryption, prompted makers of web browsers to advise users on Tuesday to disable use of the source of the bug: the 18-year-old encryption standard SSL 3.0.

It was the third time this year that researchers had uncovered a vulnerability in widely used web technology, following April's Heartbleed bug in OpenSSL and last month's Shellshock bug in a piece of Unix software known as Bash.

Security experts said that hackers could steal browser cookies in Poodle attacks, potentially taking control of email, banking and social networking accounts. Even so, experts said the threat was not as serious as the two previous bugs.

"If Shellshock and Heartbleed were threat level 10, then Poodle is more like a five or a six," said Tal Klein, vice-president with cloud security firm Adallom.

The threat was disclosed in research published on the website of the OpenSSL Project, which develops the most widely used type of SSL encryption software.