Microsoft takes slow, cautious path to protecting IE against POODLE
Microsoft yesterday added an optional anti-POODLE defense to Internet Explorer 11 (IE11), and promised that additional protection would be switched on by default in two months.
The 15-year-old flaw in SSL 3.0 — an aged standard used to encrypt traffic between browsers and Web servers — was disclosed two months ago by a team of Google security researchers. Criminals could exploit the vulnerability using “man-in-the-middle” attacks to make off with session cookies. Those stolen cookies would let the hackers impersonate their victims, automatically logging into sites to make online purchases, rifle through email or pilfer files from cloud storage services.