POODLE: new attack on SSL posted October 2014
A new attack on SSL 3.0 has been discovered. It's relevant because most browsers (except for Opera) allow a downgrade to SSL 3.0 if it cannot seem to use newer versions. Of course an attacker could disturb the connection and force someone to use SSL 3.0 in order to use the POODLE attack.
Full and clear explanation here
You might want a reminder of what is CBC to read it:
tl;dr: attack happens because of the way padding works in CBC in SSL 3.0
leave a comment...