We’re Safe From POODLE
tl;dr Don’t worry about an SSL vulnerability called POODLE. Also, don’t shop with Internet Explorer 6.
It seems like most of our posts nowadays are talking about security issues. It’s not the most exciting thing to read about, or deal with for that matter, but it’s important for technology firms to address how they respond to these things.
Today’s issue is a vulnerability in an older encryption standard – SSL 3.0. It was announced by researchers at Google, who gave it the acronym POODLE. Like the last two vulnerabilities we’ve written about, Heartbleed and ShellShock, POODLE could affect a good portion of the webservers in the world. Unlike those, however, ours was among them.
The operative word there is “was”.
Our webhost immediately disabled the standard across all of their servers. So did the folks who provide all the rest of our services, such as CRM and so forth. Pretty much everybody had this active because there are older web browsers, like Microsoft’s Internet Explorer 6, that need it to use SSL enabled sites. Since POODLE is a fault with the underlying standard, there’s no way to fix the problem and these web browsers are now pretty much locked out of eCommerce.
Thankfully, the actual impact on your sites is negligible. The issue only affects sites running SSL in the first place, which we only do for eCommerce. Of the tens of thousands of visits our network has gotten this year, only 13 of those were from IE6. Of those visits, only 5 were on an SSL enabled site, and we haven’t seen any since last March. While we don’t see many users of IE 6, if you are one of them, we highly recommend updating it to the most recent version to keep your personal safe while shopping online.