ePC

Protect your business from POODLE

Written by Alan Ingram on Monday, 16 March 2015. Posted in Information technology

The POODLE security vulnerability was identified by the Google Security Team over the summer and effects many web services, including those hosted on Microsoft Internet Information Services (IIS).

It was found to be theoretically possible to force a client web browser to appear not to support newer, more secure encryption methods. This would result in the much older and insecure SSL (Secure Sockets Layer) V3 to be used, potentially making it easier to read the encrypted data.

As SSL V3 is so outdated (it was superseded by Transport Layer Security (TLS) in 1999), the simplest fix is to disable SSL V3 support on your web servers and browsers. Although all modern browsers support TLS, this change could cause Internet Explorer (IE) 6 running on Windows XP to fail. Internet Explorer (IE) 6 can support TLS. However, it has to be activated in the settings.

To ensure security, SSL V3 support has been disabled on each of ePC's cloud services such as our cloud hosting for Process Director.

Any clients using Process Director systems on the public facing Internet should ensure their systems are updated to disable SSL V3.

If the update causes any compatibility issues with older clients, please contact us as we will be able to help resolve such issues.

Visit POODLE Wikipedia (opens in a new browser)

About the Author

Alan Ingram

Alan Ingram

Alan is responsible for the strategic direction of ePC’s technical services and managing relationships with key client accounts.