"POODLE" Web browser vulnerability - what you need to know | Striata
  • Subscribe   
  • Subscribe   

"POODLE" Web browser vulnerability - what you need to know

Notice - web browser vulnerability

Striata is aware of the SSLv3 security vulnerability published by Google on Tuesday 14th October 2014, called POODLE (Padding Oracle On Downgraded Legacy Encryption). To protect you, our support for SSLv3 and lower HTTP​S ​encryption protocols will immediately be removed​ from our websites.

The vulnerability allows an attacker to steal details sent from a web browser to a website, such as login details or passwords, thus making it possible for them to steal personal details and use them to log into an affected website.

We request that all users check their browsers for compatibility, see table below. If you are using an earlier version that is not on this list, please upgrade immediately.

Browser

Supported versions

What to do if you think you have an unsupported browser

Internet Explorer

Internet Explorer 8 or newer on Windows.

Visit the Windows site and download version 8 or newer:
http://windows.microsoft.com/en-us/internet-explorer/download-ie

Google Chrome

All versions of Chrome on Windows, OS X, Linux, Android, iOS and Chrome OS

Visit Google Chrome website and download latest version:
https://www.google.com/chrome/browser/

Mozilla Firefox

All versions of Firefox on Windows, OS X, Linux, Android, Firefox OS

Visit Firefox website and follow steps to update:
https://support.mozilla.org/en-US/kb/update-firefox-latest-version

Opera

Opera 6 and newer on Windows, OS X, Linux, Android, Blackberry and Windows Mobile

Visit the Opera website and download Opera 6 or newer:
http://www.opera.com/

Safari

Safari for Mac OS X 10.2 or newer
Safari 3 and newer for iOS and Windows

Visit the Apple website and download the latest Safari browser:
http://support.apple.com/downloads/#safari

Technical details:

POODLE stands for Padding Oracle On Downgraded Legacy Encryption. To protect our users, support for SSLv3 and lower HTTP​S ​encryption protocols has already been removed​ from our websites. Any users attempting to access our application or visit our website with an unsupported browser will be denied and will receive the following error: “Page cannot be displayed“.

We apologize for any inconvenience caused, but please be assured this has been implemented for the safety of your personal information.

Should you have any questions or concerns, please contact us.

Sincerely
Chantelle van Wyk
Global IT and Security Manager