Beware of POODLE

Author: Jack Martin

Poodle is the name of a new security vulnerability linked to theSSL (https) protocol (a widely used security measure between two machines operating over the Internet or on an internal network). SSL stands for Secure Socket Layer.

Here Is What You Need To Know

In support of legacy browsers, the SSL standard is allowed to ‘downgrade’ to earlier versions of the protocol. A legacy browser is the previous version of an upgraded browser. So, if Internet Explorer is currently on version 11, anything below IE 11 (such as IE 10) is considered a legacy browser. SSL v3.0 (Secure Socket Layer version 3.0) has an error that allowed an attacker to trick the server into downgrading to 3.0 and then exploiting this error.

POODLE, thus far, has only affected those using legacy browsers.

How to Protect Yourself from POODLE

As the problem is with SSL 3.0, Keystone Click has turned off support for SSL 3.0 for all of the accounts for which we provide hosting. Firefox and Chrome will soon have updates that will turn off SSL 3.0. To completely avoid the attack, you must have SSL 3.0 turned off on both the server and the browser as it is a two-sided issue.

To learn more, visit this in depth summary of the SSL 3.0 error.

Have any questions about what we do? Contact us today!