LexiConn – October 2014 Newsletter
Forum › Forums › Newsletters › LexiConn – October 2014 Newsletter
This topic contains 0 replies, has 1 voice, and was last updated by lexiconn 9 years, 5 months ago.
-
AuthorPosts
-
October 28, 2014 at 5:50 pm #49064
*********************************************************************
OCTOBER 2014 NEWSLETTER
*********************************************************************In this Month’s Newsletter…
* SSL 3.0 Vulnerability
* Featured Client: gripstuds.com
* From the Blog…SSL 3.0 Vulnerability
——-
Researchers recently announced a newly discovered SSL vulnerability called Padding Oracle On Downgraded Legacy Encryption (POODLE).What It Is, What We Did To Fix It, How It Affects You
The POODLE vulnerability is basically a bug in the outdated, but still widely used SSL 3.0 protocols. SSL 3.0 was released in 1996, and was replaced by TLS (Transport Layer Security) in 1999. However, SSL 3.0 was never fully abandoned, and it stayed around as an alternative that browsers and web servers could use if there was a problem with TLS.
The vulnerability allows an attacker to potentially interfere with a secure connection and force it to use SSL 3.0, even if a newer protocol is supported. However, unlike the recent Heartbleed vulnerability, the attacker needs to have access to the network between the client and server to interfere with the handshake process. Thus, it’s very unlikely that this vulnerability would have any impact on you, aside from possible software issues, which we’ll cover later in this article. To read more about the vulnerability and it’s potential impact, reference:
http://www.symantec.com/connect/blogs/poodle-vulnerability-old-version-ssl-represents-new-threat
In order to eliminate this threat possibility from our network, we disabled SSLv3 on all of our servers shortly after this vulnerability was discovered. For most people, this would have no impact whatsoever. For some clients, e.g. those running an older version of ShopSite’s Order Transfer module, which relied on this protocol, the module would have stopped working. ShopSite quickly released an update that addressed the issue in older modules. Reference this post for more details:
Featured Client: gripstuds.com
——-
This month’s featured client is gripstuds.com. GripStuds.com is a small company that specializes in the sale of traction studs for both tires and footwear.For more detailed information on this month’s featured client as well as a listing of all past featured clients, please go to:
http://support.lexiconn.com/news/forums/forum/featured-clients/
From the Blog…
——-
Here are some recent posts from The LexiConn Blog:Ecommerce Tip: Social Logins For A Better Customer Experience – A look at integration with both ShopSite and Magento.
http://www.lexiconn.com/blog/2014/10/ecommerce-tip-social-logins-for-a-better-customer-experience/
ShopSite Tip – Merchant Alerts and Shipping Errors – A look at common shipping errors in the Merchant Alerts section.
http://www.lexiconn.com/blog/2014/10/shopsite-tip-merchant-alerts-and-shipping-errors/
Like what you’re reading? Subscribe by Email to our blog and receive an email when a new post is published.
http://feedburner.google.com/fb/a/mailverify?uri=LexiConnBlog&loc=en_US
As always, feel free to contact us with any questions you may have. Complete contact and support options can be found at:
Sincerely,
- The LexiConn Team
If you have a moment, please let us know how we’re doing!
-
AuthorPosts
You must be logged in to reply to this topic.