Poodle

It Is Break Time for PayPal, Says POODLE Bug

October 21, 2014 | By Editor 

Summary

Just days ago, security researchers at Google exposed yet another security vulnerability, the “POODLE” flaw in SSL 3.0. For ordinary users it may not mean much, but for e-commerce sites it means a lot. POODLE stands for “Padding Oracle On Downgraded Legacy Encryption,” and its menace has just begun.

E-commerce Sites at Risk

  • Considered the third-largest security flaw of this year, after Heartbleed and Shellshock, POODLE is shaking things up in the e-commerce industry, especially at PayPal.
  • PayPal may stop working on some e-commerce websites, because the popular payment gateway plans to stop supporting SSL 3.0. So, if you find your PayPal checkout broken, you now know the reason behind it.
  • PayPal has announced in a statement that the company is determined to disable support for SSL 3.0 as soon as it is capable of doing so.
  • Unfortunately, this much-needed step might cause compatibility issues for a few of its customers and result in the inability to pay via PayPal on some sites. There may be other processing issues as well.
  • However, PayPal is not overly worried about this short-term inconvenience, since it is outweighed by the firm’s brand promise to keep its customers and their money secure.
  • As simple as that is for PayPal, the company is planning to remove its support for SSL 3.0 completely in another few days.
  • Users who are affected will be required to upgrade their checkouts to Transport Layer Security (TLS), which has replaced a majority of SSL 3.0 installations on PayPal.
  • However, there are some users who still fall back to SSL 3.0 for legacy browser support. Further, many Web browsers will use older security protocols to retry failed TLS connections.
  • Even though PayPal has many advanced tools, it cannot force its users to update their software. That depends solely on the users.
  • Around 10 percent of Web traffic is still generated by users of Windows XP or earlier versions. In fact, many tech companies are yet to upgrade to Windows 7 or 8.
