Date: 22/07/2018
PCI and Browser Security

As you have read many times in this blog, security on the Internet is every Internet user's responsibility. Both website owners and website visitors must participate in regular upgrades, not to get the shiny, new thing, but rather to protect against hacking and online threats.

As a result of recent compromises (FREAK, RC4, POODLE, etc.) of what once were mainstay security protocols, credit card companies and the security standards community at large now require an upgrade from these older protocols to newer ones to protect the security of both site owners and visitors. This means secure web hosts must disallow use of the older protocols. Enforcement of this upgrade is accomplished by failing PCI compliance tests on websites that can negotiate the earlier protocols. PCI testing is required by credit card companies for all e-commerce sites that take credit cards online. Failure can result in fines and revocation of the ability to accept credit card payments. Visa will require disabling the older protocols effective June 30, 2016, but a leading PCI compliance testing company, Trustwave, has determined that the threats are serious enough to fail PCI compliance tests now.

How does this affect our clients? Effective 6/30/2016, we will disallow all traffic attempting to use TLS 1.1 or earlier in order to maintain PCI compliance and avoid fines. The oldest browsers supporting this change are Chrome v22, Firefox v27, IE 11 and Safari OS 10.9. Visiting an https website with an earlier version of any browser will result in a failed visit. So if you have one of the following browsers, you will need to take action or you will be unable to visit secure websites:

  • Android 2.3.7
  • Android 4.0.4
  • Android 4.1.1
  • Android 4.2.2
  • Android 4.3
  • Baidu Jan 2015
  • IE 6 / XP
  • IE 7 / Vista
  • IE 8 / XP
  • IE 8-10 / Win 7
  • IE Mobile 10 / Win Phone 8.0
  • Java 6u45
  • Java 7u25
  • OpenSSL 0.9.8y
  • Safari 5.1.9 / OS X 10.6.8
  • Safari 6.0.4 / OS X 10.8.4

IE versions 8, 9 and 10 have the appropriate functionality disabled by default, but customers can enable it by following the instructions in this video.

For the record, SSL versions 2.0 (1995) and 3.0 (1996) and TLS version 1.0 (1999) are no longer secure and must be replaced with TLS 1.1 (2006) or the newer 1.2 (2008). A complete discussion of the subject can be found here.
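For site owners who want to know how many of their visitors the cutoff described above will affect, the following added example (not part of the original post or the host's own tooling) tallies HTTPS requests by negotiated protocol and lists the user agents that will be refused. It assumes an nginx-style access log that records the `$ssl_protocol` variable in the format shown in the comment; the log lines are constructed samples.

```python
import re
from collections import Counter

# Protocol names as logged by nginx's $ssl_protocol variable, oldest first.
TLS_ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
MIN_ALLOWED = "TLSv1.2"  # policy from the post: TLS 1.1 or earlier is refused

# Assumed log_format (not from the post):
# '$remote_addr [$time_local] "$request" $status $ssl_protocol "$http_user_agent"'
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
    r'(?P<proto>\S+) "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.10 [22/Jun/2016:10:01:02 +0000] "GET /cart HTTP/1.1" 200 TLSv1.2 "Mozilla/5.0 (Windows NT 10.0) Chrome/51.0"
203.0.113.11 [22/Jun/2016:10:01:05 +0000] "GET / HTTP/1.1" 200 TLSv1 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)"
198.51.100.7 [22/Jun/2016:10:02:11 +0000] "POST /checkout HTTP/1.1" 200 TLSv1 "Mozilla/5.0 (Linux; U; Android 4.1.1) AppleWebKit/534.30"
198.51.100.7 [22/Jun/2016:10:02:40 +0000] "GET /thanks HTTP/1.1" 200 TLSv1 "Mozilla/5.0 (Linux; U; Android 4.1.1) AppleWebKit/534.30"
203.0.113.12 [22/Jun/2016:10:03:00 +0000] "GET / HTTP/1.1" 200 TLSv1.1 "Java/1.7.0_25"
192.0.2.44 [22/Jun/2016:10:03:30 +0000] "GET /robots.txt HTTP/1.1" 200 - "curl/7.47.0"
this line is malformed and must be skipped
"""

def is_blocked(proto):
    """True if the protocol is known and older than the minimum allowed."""
    return proto in TLS_ORDER and TLS_ORDER.index(proto) < TLS_ORDER.index(MIN_ALLOWED)

def audit(log_text):
    """Return (requests per protocol, blocked (protocol, user agent) counts, skipped lines)."""
    by_proto, blocked_uas, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["proto"] not in TLS_ORDER:  # malformed, or plain HTTP ("-")
            skipped += 1
            continue
        by_proto[m["proto"]] += 1
        if is_blocked(m["proto"]):
            blocked_uas[(m["proto"], m["ua"])] += 1
    return by_proto, blocked_uas, skipped

if __name__ == "__main__":
    by_proto, blocked_uas, skipped = audit(SAMPLE_LOG)
    print(f"{sum(blocked_uas.values())}/{sum(by_proto.values())} HTTPS requests will be refused")
    for (proto, ua), n in blocked_uas.most_common():
        print(f"{n:4d}  {proto:8s} {ua}")
    print(f"skipped {skipped} non-TLS or malformed lines")
```

Running this over a few weeks of real logs before the enforcement date shows which legacy clients still reach the site, so those visitors can be told to upgrade ahead of time.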

If you have any questions about this or other website related issues or if you need a secure web hosting environment, please give us a call at 877.397.7605 or contact us for more information.
