Security update: What you need to know about the Poodle bug
The Poodle bug is a recently uncovered security vulnerability in an encryption protocol. This article tells you how we are protecting you and visitors to your online shop from the Poodle bug and what impact this will have.
What exactly is the Poodle bug?
When sensitive data is transferred on the Internet, an encryption protocol is usually used to protect it. This ensures that the data, such as credit card details or account numbers, is encrypted and cannot be read by third parties.
It was recently discovered that the old SSL 3.0 protocol contains a bug. This allows potential attackers to intercept Internet users’ data, for example, and take over their browser sessions. Admittedly, SSL 3.0 has long been obsolete and was superseded by a new protocol called TLS 15 years ago, however most current browsers still support SSL 3.0 as a fall-back solution. It may be possible for attackers to force a downgrade to the unsecured version SSL 3.0.
And it’s not just Internet users who are affected by the bug. This security vulnerability also represents a threat to servers that host online shops and other websites.
How can we protect you against the Poodle bug?
To protect you and your customers against the bug, we have already started to disable SSL 3.0 on ePages provider servers. Customers of your shop who use Windows XP and a severely outdated version of Internet Explorer, like IE 6, will not be able to complete the order process in the future. Fortunately, there are relatively few users who surf the Internet with such a configuration. In any case, using this outdated software is ill-advised to say the least: since April this year, Microsoft has no longer been publishing updates for Windows XP, which means that the operating system is highly unsecure and susceptible to attack.
What changes are there for PayPal?
Just like us, the payment provider has been taking steps since the Poodle bug was uncovered. From 3rd of December, PayPal will cease support for SSL 3.0. Here too, users with Windows XP and a highly outdated version of Internet Explorer will be barred and will no longer be able to use PayPal.
What steps do ePages sellers need to take now?
All updates to your shop system are automatically applied and that is naturally the case for this security update too. We will also update the PayPal interface for you in good time on 3rd of December, so you don’t need to do anything.
How can Internet users protect themselves from the Poodle bug in general?
Regardless of whether you run an online shop or not, you should always use a current operating system, such as Windows 8. You should always keep the operating system and any other software up to date. Any security vulnerabilities are dealt with by regular updates.
However, anyone using an up-to-date browser can also be affected. So if your browser supports SSL 3.0, you should disable it. Instructions on how to do this can be found on the web.
Leave a Reply
Want to join the discussion?Feel free to contribute!