In a clear instance that highlights the importance of keeping software up-to-date, Google yesterday announced the uncovering of a bug in SSL version 3.0 (a standard of SSL that is 15 years old) that would render transactions originating from certain outdated browsers and/or Operating Systems vulnerable to attacks. POODLE is the name that Google has given to this bug and you can read more about Google’s assessment here. As soon as this flaw was announced, we at ResellerClub have removed access through SSL 3.0 to our servers and there is no reason to suspect any security breach.
Google has announced that this bug will impact less than 1% of the total Internet population. However, we strongly suggest that you take note of these developments and take steps to protect yourself against this loophole.
Who is affected:
Users of outdated browsers such as Internet Explorer 6. If you are using the latest version of Google Chrome, you have nothing to worry about.
What you need to do now:
- If you are using an outdated browser, upgrade to the latest versions of Google Chrome or make the following changes on your Internet Explorer: Setting -> Internet Options -> Advanced Tab -> Uncheck “SSLv3″ under “Security”
- If you are using Mozilla Firefox, you can download this plugin and choose the minimum acceptable version of SSL. Some other workarounds to patch this vulnerability can be found here.
- We strongly suggest that you communicate the discovery of this bug and its remedy to all your clients. This will help ensure that they retain confidence in you as their reliable online security providers and also help prevent instances of attacks that exploit this bug.
Stay tuned to our forums for further updates! Contact us if you need any further information!