As many of you may be aware it has been confirmed that version 3 of Secure Sockets Layer (SSLv3) is vulnerable at the protocol level. As a result of this new security attack (dubbed the POODLE attack) continued use of SSLv3 is dangerous.
While this attack is harder to co-ordinate than Heartbleed, many companies including Twitter have now disabled SSL v3. You can easily check if HTTPS sites you use are vulnerable here.
At DeskDirector the security of your data and your client's data is very important to us. As a result we have spent the last few days ensuring all of our systems will work were we to disable SSLv3. We can confirm the only issues will occur for the following situations;
- If your clients are running Windows XP and using Internet Exporer 7 or earlier the viewing of invoice PDFs and viewing of Quosal/QuoteWerks quotes in the Recommendations section will not work. They will need to upgrade to Internet Explorer 8 or higher to have this work again. All other functions will perform fine as long as you are using DeskDirector 14.2 or higher.
- If your clients are using DeskDirector 14.1 or earlier and have Internet Explorer 7 or earlier then HTTPS sites in the Learning Center will not work. Simply upgrade them to DeskDirector 14.2 to solve this problem.
In order for you to make sure you have mitigated the situations above, we will be disabling SSL v3 on all our servers this Sunday 26th October at 8pm EST. We are expecting this will cause an outage of approxiamatly 30 minutes.
Thank you for your understanding around any potential inconvenience this will cause. Again the security of your data and your clients data is very important to us.
To read more about the SSL v3 "POODLE" attack here are a handful of links;
https://www.us-cert.gov/ncas/alerts/TA14-290A
https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack
http://googleonlinesecurity.blogspot.co.nz/2014/10/this-poodle-bites-exploiting-ssl-30.html
http://www.wired.com/2014/10/poodle-explained/
