
POODLE – Not Man’s Best Friend

When most people hear POODLE, they think of man’s best friend. Well, actually, most men would probably go for something manlier, like a Pit Bull or Rottweiler, but you get the idea. Regardless, there’s a new POODLE on the block that isn’t the sweet, innocent pup that we’ve all become familiar with. It is a critical security vulnerability that affects the SSL 3.0 (v3) protocol.

On October 14th, 2014, the "Padding Oracle On Downgraded Legacy Encryption", or POODLE, vulnerability was publicly disclosed. This vulnerability is a flaw in the SSL 3.0 (v3) protocol itself and affects every implementation of SSL v3. POODLE, when exploited, allows an attacker to steal information over time by altering communications between the SSL client and the server (also known as a "Man in the Middle" attack, or "MITM"), or to decrypt part of the confidential message. Although this vulnerability is relatively difficult to exploit, all entities, including BluePay, that use SSL v3 encryption need to take action to protect the confidentiality of data.

To mitigate this vulnerability, one approach is to modify all external websites so that they no longer accept connections via browsers that rely on SSL v3. This will require end-users to connect via a browser that supports TLS 1.0 or better. For the most part, this will affect Windows XP and Server 2003 users who use the version of the Internet Explorer browser bundled with the OS (Internet Explorer version 6, IE6, or earlier). Some users of Internet Explorer version 7 (IE7) may be affected as well, if they have not patched to enable TLS v1.0 support.

Affected Windows XP end-users are encouraged to upgrade their computer's operating system to Windows 7 or better. Affected IE7 end-users should patch the application to support TLS 1.0 or better. Alternatively, end-users may choose to install an alternative browser such as Firefox, Chrome, or Opera. 

Linux and Apple OS (Mac) users should already have TLS 1.0 capable browsers installed on their systems; however, if Linux and Mac users experience difficulties connecting to a desired website after SSL v3 has been disabled, it is recommended that they patch their operating system or install a current version of the Firefox, Chrome, or Opera browser.

For more information on the vulnerability, please go to:

https://www.us-cert.gov/ncas/alerts/TA14-290A

http://googleonlinesecurity.blogspot.ie/2014/10/this-poodle-bites-exploiting-ssl-30.html

Topics: PCI Compliance and Fraud Prevention
