Friday, 31 October 2014
What's POODLE and am I Vulnerable?

Many of you may already have heard about the Internet-wide security issue referred to as POODLE that came out on October 14, and have asked us if you need to do anything about it. The short answer is maybe, so if you have specific questions about your own application, let us know and we'll take a look.

Meanwhile, I'll include some details here in case you are wondering what it's all about. POODLE stands for "Padding Oracle On Downgraded Legacy Encryption" and allows a hacker to read encrypted information in plain text using a man-in-the-middle type of attack. It affects anyone using older Web browsers that use SSL version 3 (SSLv3), specifically Internet Explorer (IE) 6.

The risk is somewhat low, since a hacker must first develop a man-in-the-middle attack, which, while not trivial, certainly can be done. It requires taking over a router or intermediate server somewhere between the two parties having the encrypted conversation, whether that is a visitor to a secure website or a behind-the-scenes payment transaction. Note that even if neither end of the conversation has been hacked, the man-in-the-middle can be anywhere in between the two, so you may never know he's there. If a hacker is able to do this, he can force SSLv3 connections if SSLv3 is available as a fall-back option on both ends. Once that is done, he can read the encrypted information in plain text.

You may notice a Version 3 listed if you read the details on an SSL certificate on a site you visit. This does not refer to SSLv3, but rather to Version 3 of X.509, which is not related to this vulnerability.

The Internet community at large, including 111 Web Studio, is taking steps to protect customers, so if your website or shopping cart uses SSLv3 to send transactions to third-party payment gateways such as authorize.net, you will soon be unable to process transactions because they will be blocked by the provider. Some secure transaction providers and other security-minded sites are also blocking access to their websites from IE6 browsers. If you would like us to look at that or other options for you, give us a call at 877.397.7605 or contact us and we'll implement it for you.

Posted on 10/31/2014 9:03 AM by Customer Service