Wednesday, 20 May 2015
As you have read many times in this blog, security on the Internet is every Internet user's responsibility. Both web site owners and websites visitors must participate in regular upgrades, not to get the shiny, new thing, but rather to protect against hacking and online threats.
As a result of recent compromises (FREAK, RC4, POODLE, etc) of what once were mainstay security protocols, credit card companies and the security standards community at large now require an upgrade from these older protocols to newer ones to protect the security of both site owners and visitors. This means secure web hosts must disallow use of the older protocols. Enforcement of this upgrade is accomplished by failing PCI compliance tests on websites that can negotiate the earlier protocols. PCI testing is required by credit card companies for all e-commerce sites that take credit cards online. Failure can result in fines and revocation of the ability to accept credit card payments. Visa will require disabling the older protocols effective June 30, 2016, but a leading PCI compliance testing company, Trustwave, has determined that the threats are serious enough to fail PCI compliance tests now.
How does this effect our clients? Effective 6/30/2016, we will disallow all traffic attempting to use TLS 1.1 or earlier in order to maintain PCI compliance and avoid fines. The oldest browsers supporting this change are Chrome v22, Firefox v27, IE 11 and Safari OS 10.9. Visiting an https website with an earlier version of any browser will result in a failed visit. So if you have one of the following browsers, you will need to take action or you will be unable to visit secure websites:
IE versions 8,9 and 10 have the appropriate functionality disabled by default, but customers can enable it by following the instructions in this video.
For the record, SSL versions 2.0 (1995) and 3.0 (1996) and TLS version 1.0 (1999) are no longer secure and must be replaced with TLS 1.1 (2006) or the newer 1.2 (2008). A complete discussion of the subject can be found here.
If you have any questions about this or other website related issues or if you need a secure web hosting environment, please give us a call at 877.397.7605 or contact us for more information.
Posted on 05/20/2015 3:00 PM by Customer Service
No comments yet.
To our valued customers, Around 2:00 AM on November 6, 2017 our operations team discovered a failed...
111 Web Studio is pleased to announce that we can now perform formal technology assessments for non-profit...
Do you sell products or services on your website? Then this is for you. Have you ever been looking...
Do you need to show progress of a fund drive and create a buzz amongst your donors? 111 Web Studio has...
Have you searched on Google today? The answer is almost certainly YES. Google now handles about...