Padding Oracle On Downgraded Legacy Encryption (“POODLE”) is a vulnerability in SSL v3, a protocol still used by very old browsers such as Internet Explorer. It allows someone, such as a nosy IT admin, to watch traffic between computers and the websites they are asking for. If you have an ecommerce shop, that means that someone could potentially see your customer’s credit card information when your customer hits the “Checkout” button in your shopping cart.
It’s one of those security problems that is so bad that you have to fix it as soon as humanly possible. In fact, Authorize.NET put out a newsletter last week stating they will no longer process payments from any site that hasn’t fixed POODLE.
So how do you know if you are affected?
First, try this test: SSL Labs’ POODLE Test.
If there is a red bar that says your domain is vulnerable to POODLE, then keep reading. If you are getting the all-clear green bar, then don’t worry about it, you’re done!
So if you’re still reading, you’re impacted by POODLE and you need to fix it.
If you are running a Windows server, click here.
If you are running a Linux server, click here.
For the Microsoft Windows boxes we repaired, it took about 10 minutes to make the registry changes plus a server reboot, because the change needs to happen in the registry. For the Linux (Apache) boxes we repaired, it only took about 5 minutes to make the change, and no server reboot was required, but it did require an Apache restart. So keep this downtime in mind while you bring your servers up to speed.
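
Before scheduling the Apache restart, it helps to know which configuration lines still allow SSL v3. The script below is an added example, not part of the original post: it audits configuration text for mod_ssl `SSLProtocol` directives and flags the ones that leave SSLv3 enabled. It assumes the Apache change in question is made through `SSLProtocol`, that `all` still includes SSLv3 (true for builds from the POODLE era), and it runs on a constructed sample config.

```python
import re

# Assumption: on POODLE-era mod_ssl/OpenSSL builds, "all" expands to these
# protocols, SSLv3 included (OpenSSL not compiled with no-ssl3).
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)

def enabled_protocols(args):
    """Evaluate the arguments of one SSLProtocol directive, left to right."""
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = token.lstrip("+-").lower()
        group = ALL if name == "all" else {name}
        if action == "+":
            enabled |= group
        elif action == "-":
            enabled -= group
        else:  # a bare name replaces whatever was set so far
            enabled = set(group)
    return enabled

def audit(conf_text):
    """Return (line_number, directive_text, sslv3_enabled) per SSLProtocol line."""
    findings = []
    for number, line in enumerate(conf_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)  # commented-out lines do not match
        if match:
            protocols = enabled_protocols(match.group(1))
            findings.append((number, line.strip(), "sslv3" in protocols))
    return findings

# Constructed sample configuration, not taken from any real server.
SAMPLE_CONF = """\
# SSLProtocol all
SSLProtocol all
<VirtualHost *:443>
    SSLProtocol all -SSLv3
</VirtualHost>
<VirtualHost *:8443>
    sslprotocol -all +TLSv1.2 +SSLv3
</VirtualHost>
"""

if __name__ == "__main__":
    for number, text, bad in audit(SAMPLE_CONF):
        print(f"line {number}: {'SSLv3 ENABLED' if bad else 'ok'}: {text}")
```

The script reports each directive on its own and does not work out which virtual host a line applies to, so re-run the SSL Labs test after the restart to confirm what the server actually negotiates.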