By Fiona Ness on Tue 18 November 2014 in Web & eCommerce
Marc McLaughlin, Head of Infrastructure and Security provides an update on the Poodle vulnerability and the response at ProspectSoft…
In light of the news of the Poodle vulnerability, we have decided to disable SSL 3.0 support on all eCommerce and other sites hosted by ProspectSoft within the next few days to minimise any risk to our customers – or indeed customers of our customers.
This decision is in line with the decisions of other hosting providers including SagePay and Microsoft. Security is critical to your eCommerce business and although this will cause some change for anyone still using SSL 3.0, we cannot knowingly allow a vulnerability like this to exist.
Despite the news coverage, there is little to worry about. In fact, there are just 2 things you will need to be aware of:
1. Upgrade your browser
If you are using Internet Explorer 6, you will need to upgrade to a higher version of Internet Explorer, or use Firefox or Chrome.
Microsoft have decided not to release an update for this now unsupported browser, meanwhile most hosting providers are taking the same action as ProspectSoft. So anyone still using IE6 will begin to be blocked from accessing much of the Internet in the coming weeks.
2. Consider notifying your customers
Once we turn off SSL 3.0, any of your customers using Internet Explorer 6 won’t be able to access a secured site. i.e. any customers using IE6 and trying to access any site hosted by us via HTTPS will be unable to do so. Any customers using a later version of IE or Firefox or Chrome will be unaffected.
By now, most people will already know of the need to upgrade their IE6 browser. And, if they don’t they will find most, if not all secure internet sites will stop working for them. It won’t be just your site. So, in reality you probably need to do very little. However, if you think your customer base is likely to contain many IE6 or Windows95 users, then it might be prudent to warn them of this change.