Disclosed in the middle of October, a new attack on the SSLv3 protocol takes advantage of a vulnerability of the protocol that enables a network attacker to recover the plaintext communications of a victim. The attack is considered easier to exploit than similar previous attacks against SSL/TLS, such as BEAST and CRIME, and can enable an attacker to retrieve a supposedly secure cookie for a given site.
Brian Donohue and Dennis Fisher talks about the attack, which is now known as POODLE and was developed by several researchers at Google, in this October 2014 special edition of the Kaspersky Daily podcast:
Music for this podcast is by Yacht via the Free Music Archive and is licensed under Creative Commons.