Another Week, Another Security Concern
Our servers have been fixed to avoid this exploit, however if you get your email while on an unsecured wireless network (i.e. at Starbucks), you may still be at risk. From Google:
"SSL 3.0 is nearly 18 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue."
Microsoft issued an advisory about the POODLE attack on Tuesday but didn’t announce any specific plans for disabling the protocol in Windows or Internet Explorer. IE 6, an ancient version of the company’s browser, is the only major browser that doesn’t support anything newer than SSLv3.
To secure your email client (Outlook, Thunderbird, etc.), go into your account settings and update the "advanced settings", choosing TLS for your encrypted connection. The secure ports are 993 for IMAP, 995 for POP3 and 465 for SMTP.