On October 14th, Google announced their engineers discovered a flaw in the design of SSL v3, and this vulnerability has been named “POODLE”. 

We are disabling SSL v3 on all our servers to ensure your site’s security. Most people should not experience any issues as a result of the changes – Google estimates this change will affect less than 1% of the internet as the SSL 3.0 protocol is almost 18 years old, but has remained in place to support users running older browsers.

Check out Google’s Security blog for details on how Windows XP or IE6 are vulnerable to malicious code exploiting this problem.

You should take steps to protect yourself and your browser from the flaw just to be safe. If you are using IE6, you will need to update your version of IE, or consider switching to Chrome or Firefox,

If you are using the latest version of Firefox, they will be disabling SSL v3 in their November 25th Firefox update by default, but you don’t have to wait for that update. Mozilla has created a plugin that will allow you to set the minimum SSL version that Firefox will accept, and you can grab it here:

https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/

L
et us know if you have any questions.



Wednesday, October 15, 2014

« Back