From HOSTING Chief Information Security Officer (CISO) Johan Hybinette:
There is a new vulnerability announced called POODLE for SSL 3.0. This vulnerability allows attackers to manipulate communications between a browser and a website. In short, it allows a man-in-the-middle attacker on a network to extract plain text (unencrypted) data from an SSL encrypted channel, defeating the purpose of encryption.
POODLE does not pose a direct threat to host servers, but does threaten the security of the data communicated between servers and clients (and in some cases, other servers) such as application login credentials and data, payment card information, or private personal information.
Your environment can be vulnerable if you use SSL v3.0 to establish connections. Contact your IT team for further information.
HOSTING strongly recommends to take the action and disable SSL v3.0 and enable TLS 1.0 or greater to mitigate this vulnerability.
HOSTING has pro-actively completed these mitigation measures on our customer portal infrastructure to ensure all communication is properly secure. A side effect of these measures is that clients using out-of-date web browsers such as Internet Explorer 6 (IE6) or older will not be able to access the customer portal infrastructure. These clients are strongly advised to upgrade their browser to more current secure versions.
Contact HOSTING for more information.