A new vulnerability has been found in OpenSSL, the open-source software used to encrypt and secure web communication, that could potentially allow attackers to steal sensitive information normally protected by SSLv3 encryption protocol via a man-in-the-middle style attack. The vulnerability CVE-2014-3566, dubbed the “Padding Oracle On Downgraded Legacy Encryption attack” or “POODLE,” does require access between network devices which makes this less severe than Heartbleed discovered earlier this year.
Even though the severity is lower, Simple Helix still takes this matter very seriously. To secure our users and prevent unauthorized attacks against the content they protect with SSL/TLS encryption, we have taken steps to ensure that all servers we host have been patched against this vulnerability.
If you are using SSL/TLS encryption with a server hosted by Simple Helix, you can rest easy knowing that the appropriate action has been taken to keep your data secure. If you are not currently using SSL/TLS encryption and have an eCommerce presence, then we highly recommend that you get an SSL certificate to provide SSL/TLS encryption for your online store and customers. If you would like help setting up an SSL certificate for your store, please call or open a support ticket and our technical team would be happy to assist you. If you do not already have an SSL certificate, then you can get started for just $49.95 per year if you purchase through Simple Helix: http://simplehelix.com/services/ssl-certificates.