This blog discusses the POODLE security vulnerability and how it impacts your website running Lead Commerce.
First, we would like to provide you with a little bit of information about POODLE and what it does. POODLE is the name the security industry uses for the vulnerability in the SSL version 3 protocol (i.e. SSLv3) used by older Internet browsers. It is important to note that this only involves older Internet browsers and not your website. It was identified the week of October 13, and many Internet service providers are working on deprecating or disabling SSLv3 in their systems to prevent any exploits of the vulnerability. Lead Commerce has already removed SSLv3 from our production servers where your website is hosted.
SSLv3 is the cryptographic protocol used by older browsers; newer versions of browsers have deprecated it in favor of the newer, more secure TLS, which has been around since 1999. Internet browsers use these protocols when accessing pages under HTTPS. Unless you run your entire website securely, these pages will typically be your checkout pages and the pages where your customers create accounts, and of course your back office, which should always be run in HTTPS mode.
WHAT TO DO NEXT
As for next steps, Lead Commerce is recommending that ALL merchants running the Lead Commerce platform purchase an SSL certificate immediately. You can do this by following these instructions. For those of you who already have SSL installed, your website and back office are secure and there is nothing else you need to do at this point.
We will continue to monitor this issue and will provide updates to this blog as well as provide email alerts if this issue is escalated in any way.