Poodle Security Threat

What is the Poodle Security Threat?

A bug has been found in the Secure Sockets Layer (SSL) 3.0 cryptography protocol (SSLv3) which could be exploited to intercept data that’s supposed to be encrypted between computers and servers. Three Google security researchers discovered the flaw and detailed how it could be exploited through what they called a Padding Oracle On Downgraded Legacy Encryption (POODLE) attack (CVE-2014-3566).

It is important to note that this is NOT a flaw in SSL certificates, their private keys, or their design but in the old SSLv3 protocol. SSL Certificates are not affected and customers with certificates on servers supporting SSL 3.0 do not need to replace them.

Here is more information about the Poodle Security Threat:

http://www.symantec.com/connect/blogs/poodle-vulnerability-old-version-ssl-represents-new-threat

http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html

What is PayTrace doing about it?

For the safety of our users, PayTrace will be disabling SSLv3 support across our application in the coming days. At this time, we have disabled SSLv3 support on our beta site located at www.beta.paytrace.com. In an effort to avoid any problems or disruption during this time, we strongly encourage all users over the next few days to update to the most current versions of their internet browsers, and then login to our beta site to verify they can login without issue. Current and up to date browsers are less likely to run into accessibility issues. Please contact our support department for help with any issues you might run into.