You are sending a link to...
What's POODLE and am I Vulnerable?
Many of you may already have heard about the Internet-wide security issue referred to as POODLE that came out on October 14, and have asked us if you need to do anything about it. The short answer is maybe, so if you have specific questions about your own application, let us know and we'll take a look.
Meanwhile, I'll include some details here in case you are wondering what it's all about. POODLE stands for "Padding Oracle On Downgraded Legacy Encryption" and allows a hacker to read encrypted information in plain text using a man-in-the-middle type of attack. It affects anyone using older Web browsers that use SSL version 3 (SSLv3), specifically Internet Explorer (IE) 6.
The risk is somewhat low since a hacker must first develop a man-in-the-middle attack which while not trivial, certainly can be done. It requires the taking over of a router or intermediate server somewhere between the two parties having the encrypted conversation, whether that be a visitor to a secure website or a behind-the-scenes payment transaction. One point here is that even if each end of the conversation has not been hacked, the man-in-the-middle can be anywhere in between the two, so you may never know he's there. If a hacker is able to do this, he can force SSL v3 connections if it is available as a fall-back option on both ends. Once that is done, they can read the encrypted information in plain text.
You may notice a Version 3 listed if you read the details on an SSL certificate on a site you visit. This does not refer to SSLv3, but rather to Version 3 of X.509 which is not related to this vulnerability.
The Internet community at large including 111 Web Studio, is taking steps to protect customers, so if your website or shopping cart uses SSLv3 to send transactions to third party payment gateways such as authorize.net, you will soon be unable to process transactions because they will be blocked by the provider. Some secure transaction providers and other security minded sites are also blocking access to their websites from IE6 browsers. If you would like us to look at that or other options for you, give us a call at 877.397.7605 or contact us and we'll implement it for you.