A new attack on the SSLv3 protocol, disclosed Tuesday, takes advantage of an issue with the protocol that enables a network attacker to recover the plaintext communications of a victim. The attack is considered easier to exploit than similar previous attacks against SSL/TLS, such as BEAST and CRIME, and can enable an attacker to retrieve a supposedly secure cookie for a given site.
The attack is known as POODLE and was developed by several researchers at Google, including Thai Duong, who was part of the duo who developed the BEAST and CRIME attacks several years ago. The technique takes advantage of the fact that when a secure connection attempt fails, servers will fall back to older protocols, such as SSLv3, in an attempt to communicate securely with the remote client. An attacker who can trigger a connection failure can then force the use of SSLv3 and attempt the new attack.
Continued: http://threatpost.com/new-poodle-ssl-3-0-attack-exploits-protocol-fallback-issue/108844
Related:
POODLE vulnerability: The end of life of SSL 3.0
SSL broken, again, in POODLE attack
There Is a New Security Vulnerability Named POODLE, and It Is Not Cute
Security experts warn of 'POODLE' attack against SSL 3.0

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic