As website developers, software like web browsers is important to us. Of course, without them, you can't view the World Wide Web. There has been a pretty serious flaw discovered recently that could be big trouble for you if you're running an old web browser - meaning one that's not considered good or one that's out of date.
It comes down to something nicknamed "POODLE," which stands for: "Padding Oracle On Downgraded Legacy Encryption." This has to do with SSL, which is what creates a secure connection between your web browser and the server you're connecting to. This is important because all Internet traffic travels on the same roads. If someone wanted, they could just sit there on the road and watch the traffic go by. They could gather information. If that's traffic is encrypted, then they won't understand stand it and can't do anything with it.
A vulnerability came out regarding an older version of how SSL was used. It goes back to the early days of 1995. Closing this vulnerability is easy and the fix is both on website servers across the Web as well as your own web browser. Since you can't count on every web host out there the turn off this old version of SSL (we have), then to be safe, you need to do it with your browser.
To fix it and be protected, you should first make sure you have the latest version of web browser software.
Here's where you go: https://browsehappy.com/
There, you'll find the latest versions of modern web browsers.
Next, you'll want to disable SSL version 3 (SSLv3). This article explains how to do this in each web browser:
How To Stop The POODLE Exploit From Biting Your Browser (www.makeuseof.com)
Now, before you go and download Internet Explorer (IE), please stop and read this:
Today is the Day You Ditch Internet Explorer for Good (webstix.com)
Just. Stop. Using it.
Please.
Web designers and developers have always hated this browser. It's terrible. Microsoft doesn't adhere to standards and you have to code things twice sometimes for them to work in that awful browser. Because of that, prices for website design have gone up. I'm serious... because they did things their way and because every new Windows computer has that as the default browser, businesses have had to pay more for website design, which means they've passed that cost on to you as the consumer. And then a new version comes out and you have to check everything over... it's a nightmare.
Thankfully, use of Internet Explorer is in a serious decline and we couldn't be happier about that. This mainly has to do with the use of mobile devices (mobile device browsers) going up but we still see that people have found browsers like Chrome, Safari and Firefox to be far superior.
If you want to find out more about this SSL vulnerability, check this out:
Poodle - a bigger threat in theory (secunia.com)
You can either just disable it or else get some plugins to help.
This article explains Poodle for Internet Explorer and also how a fix for Poodle for Firefox isn't out yet but you can get a plugin:
Microsoft releases anti-POODLE Fix It (zdnet.com)
Google has said that it will remove SSL 3.0 support from all their client products over the next few months. The next version of Firefox (due November 25) will disable SSL 3.0 completely. In the meantime, Mozilla has created an SSL Version Control add-on to allow users to disable the feature.
Website design is moving forward all the time. To make sure you can take advantage of all the great things a web browser (and website) can do, make sure your software is up to date. This also help protect you and your private data. No software is secure. It all has holes, so they get found and fixed. You always want to update software on your computer - not just web browsers - to make sure your computer and data is safe.
-Tony
