When surfing the web, you may have noticed in the address bar that sometimes it changes from http://www.example.com to https://www.example.com. The addition of the “S” in the URL means that the site is secure (encrypted) so that any personal information you enter cannot be exploited. This can be anything from an account password to a bank account or credit card number you are typing in to pay a bill online. This encryption protocol is called SSL.
There are several different versions of SSL, the older and less secure version being SSLv3. When you visit a website, the computer that serves you the web page (web server), wants to communicate to your web browser; Internet Explorer, Fire Fox, Chrome, etc… (the software installed on your computer) in the most secure language. Unfortunately the SSLv3 version now has a security risk where a hacker can use an exploit called POODLE.
Even if your browser is up-to-date with its security settings (which includes disabling SSLv3), if the website you are visiting is sitting on a web server with the SSLv3 still active, there is a possibility that POODLE can force your browser back to the older, less secure setting. This is why it is important to not only to always have your browser and anti-virus up-to-date but also make sure the server your website is sitting on no longer has this SSLv3 installed.
Immediate solutions to keeping your WEBSITE safe: Josiesque Designs has already disabled the SSLv3 support on their server. Be aware though that there may be visitors to your site that cannot access the information. This is because they are using an outdated browser or operating system. Good news is, according to CloudFlare statistics, only 0.09% of all website traffic still requires the old SSLv3.
Immediate solutions to keeping YOU safe: Visit this site to see if your browser is infected.
Click on the links below to follow the instructions on how to possibly prevent being attacked from POODLE:
- Firefox (Mozilla Security Blog)
- Chrome (There is no quick fix. Zmap site explains the steps to take)
- Internet Explorer (Download program from Microsoft site to fix)
- Safari (Apple has released Security Update 2014-005 to address POODLE)
And as always, keep your Anti-Virus up-to-date and be wary of accessing online bank accounts or other sites where you are entering personal information when using a public wi-fi connection.