POODLE Muzzled

By October 24, 2014News & Events

poodle

SSL v3.0 Vulnerability and Big River’s Response


Quick summary:  Big River is not vulnerable to a recently discovered security vulnerability, and there is no impact on your constituents use of your forms.

 

A vulnerability in the way web browsers and servers share information securely has recently been discovered.  This vulnerability, nicknamed POODLE, affects an older means of communication between browsers and servers.  For more technical information about this issue see https://www.us-cert.gov/ncas/alerts/TA14-290A

 

Big River treats all security vulnerabilities seriously.  Our servers are scanned periodically to make sure they are in compliance with the most up-to-date industry standards for security.  When vulnerabilities like these are announced, we take action on a timely basis.

 

As of last evening, this vulnerability has been addressed by our removing the vulnerable SSL security protocols from our server support.  We have confirmed that this has eliminated our vulnerability to this latest security issue.

 

What does this mean to you?  This should have no impact on your constituents, as the replacement for SSL, TLS, has been supported by all major browsers for some time.  The latest version of all major browsers have supported the most recent version of TLS since February of this year.

 

You can keep tabs on our current security compliance at any time, and compare it with others in the field via this application:
https://www.ssllabs.com/ssltest/analyze.html?d=production.gobigriver.com