Learn More about Member Value

News

Member Benefits
Learn more
Learn more about the benefits of membership.
CU System

Muzzle POODLE vulnerability by updating browsers, SilverSky advises

October 21, 2014

MADISON, Wis. (10/22/14)--Keeping operating systems and browsers up to date is key to protecting credit unions and members against a new security vulnerability discovered last week.

POODLE (Padding Oracle on Downgraded Legacy Encryption) exploits a flaw in old Secure Socket Layer (SSL) 3.0 encryption protocol. POODLE allows a third party to capture information sent between the user and the website--known as a "man in the middle" attack.

"You might not notice anything," said Andrew Jaquith, chief technology officer for SilverSky, a provider of cloud security solutions and a CUNA Strategic Services alliance provider. "They are snapping up the information that you're transmitting. It's insidious--you just won't know."

"It affects every browser, every server, because everyone supports backward capability," he told News Now. "Now it needs to be disabled in all these areas."

For credit unions, that means they must disable SSL 3.0 on all servers and member-facing sites. "If you're using any systems newer than 2006 or 2007, you should be fine," he said. Credit unions also should make sure they have recently updated versions or patches on their operating systems. "Always turn on automatic updates," he advised.

Credit unions can also help protect their employees and members by making sure they are using "slightly more modern browsers," he counseled. Internet Explorer 6 and below are vulnerable so members should be using Google Chrome, Firefox, Safari or Internet Explorer 7 and above.

"As a browser user, the nice thing about Chrome and Firefox is that they do silent updates in the background," Jaquith said.

Silver State Schools CU, Las Vegas, with $655 million in assets, took a proactive approach in notifying its members about the vulnerability and what it was doing to update its four member-serving systems. "We have begun taking corrective action," it noted on its website. "As a result, you may experience short interruptions in some or all online services."

It also suggested members look at their own Web browsers to ensure SSL 3.0 is disabled.

SilverSky/CUNA Strategic Services

Subscriber Exclusives Break-through branding

Break-through branding: Build an emotional connection

When Elevations Credit Union expanded into two new counties, senior leadership set out to tell its story in a bold, fresh way.
How technology transforms marketing

How technology transforms marketing

Artificial intelligence improves member conversions, engagement, and retention.
Analytics drives journey toward data nirvana

Analytics drives journey toward 'data nirvana'

Data analytics can provide the 'oh wow' moment of discovering member behavior.
Subscribe Now

Trending

Polls

Who should be the 2019 Credit Union Hero of the Year?

View Results
More