Poodle – A New Web Vulnerability

Web Vulnerability

There is a web vulnerability that was recently discovered called Poodle. The vulnerability makes it possible to exploit secure web browsing that uses SSL (secure sockets layer) communications. SSL is one of the communication methods that may be established between the browser and the web server. SSL is an old communication method that has been replaced by a more modern and secure method known as TLS (Transport Layer Security). However, many if not most web servers still support SSL (as well as TLS) in order to support older web browsers.

What does this mean for you?

Due to the potential seriousness of the vulnerability, London Drugs will be immediately taking steps to remove support for SSL from all our web sites. For the vast majority of our customers, there will be no issue at all. A very small percentage (less than 0.2%) will be able to browse our websites but will not be able to make purchases, login, or perform any operations that require secure communications (https://).

Our research suggests that those affected will be customers using Internet Explorer versions 6 and earlier. For many reasons, these customers should consider upgrading their browser to a newer version.

As a general note, all customers should take a moment to disable SSL in their browsers to protect against this vulnerability when using other web sites that may not have taken the same action we have.

How do I disable this?

Follow the link below for instructions on how to do this.

https://zmap.io/sslv3/browsers.html

Previous Post:

Next Post: