Poodle Security Vulnerability

Poodle Security Vulnerability

On October 14, 2014, a new security vulnerability was discovered called POODLE. This vulnerability deals with SLL 3.0 (secure sockets layer).  This issue affeccts mostly older computers with legacy installations of Internet Explorer 6.0.  If that’s you and your machine, read on.

This type of technology is used to encrypt your connection when making purchases, viewing email, or completing other sensitive activities online. This exploit allows for a “Man in the middle” attack. Potentially, this allows someone with malicious intentions to intercept sensitive payment and cardholder data during transactions. If you’re using Internet Explorer 6.0 (If you are, this is a VERY old and unsupported version of internet explorer, and you can update right now here: Download Internet Explorer) and SSL 3.0 to connect to websites, your information might be at severe risk and you are out of PCI compliance.

There is good news though, the fix for this is really easy.  Just upgrade your internet explorer installation by visiting the following link: Download Internet Explorer, or follow the next instructions:

  1. Open Internet Explorer
    Click ‘Help’
  2. If your version starts with ‘6’, you definitely need to upgrade, but you don’t absolutely have to if you need to retain that version for some reason.  If that’s the case, continue with the instructions.
  3. Click ‘Tools’
  4. Choose the ‘Advanced’ tab
  5. Scroll down to the security section, and check use TLS 1.0.
  6. Click ‘OK’

In order to protect you and your data, most services will be shutting down the ability to connect using Internet Explorer 6 and the SSL 3.0 protocol.  If this happens, you will be unable to complete transactions, and you’ll be forced to complete one of the fixes above.

For more on the POODLE security vulnerability, visit Open SSL.