Blog:

Are you vulnerable to the POODLE SSL exploit?

Poodle exploitation

Poodle exploitation

 

You may have received an email recently or read online or in the press about the recent POODLE SSL 3.0 vulnerability and are wondering what it is, and does it affect you. Should you be worried?

What is POODLE?

The POODLE attack (which stands for “Padding Oracle On Downgraded Legacy Encryption”) is a man-in-the-middle exploit which takes advantage of Internet and security software clients’ fallback to SSL 3.0.
Source: http://en.wikipedia.org/wiki/POODLE

This basically means that the “old” way that Internet web browsers used to send and receive data securely using SSL certificates is out of date and insecure, and that a new way (TLS) is what everyone should be using now. Whether you use SSL or TLS is determined by the webserver and whether it has the correct TLS modules installed. NB: teclan’s servers do!

Does it affect you?

In other words, is your website protected against the POODLE attack?
The short answer is that if you are hosted with teclan, as long as you’re using an up-to-date payment service provider and an up-to-date ecommerce platform, then yes, you should be okay.

It is best to check with your hosting company (all good if it is teclan), your ecommerce provider (all good if it is Magento, SellerDeck, BigCommerce) and your payment service provider (all good if it is one of the main ones e.g. WorldPay, SagePay, PayPal) to ensure all parties are utilising the new TLS protocol.

About Fergus

As the Managing Director of teclan ltd Fergus has been identifying and exploring new and emerging opportunities in the ecommerce market for over 10 years.