Learn More about Member Value

News

Member Benefits
Learn more
Learn more about the benefits of membership.
CU System

Muzzle POODLE vulnerability by updating browsers, SilverSky advises

October 21, 2014

MADISON, Wis. (10/22/14)--Keeping operating systems and browsers up to date is key to protecting credit unions and members against a new security vulnerability discovered last week.

POODLE (Padding Oracle on Downgraded Legacy Encryption) exploits a flaw in old Secure Socket Layer (SSL) 3.0 encryption protocol. POODLE allows a third party to capture information sent between the user and the website--known as a "man in the middle" attack.

"You might not notice anything," said Andrew Jaquith, chief technology officer for SilverSky, a provider of cloud security solutions and a CUNA Strategic Services alliance provider. "They are snapping up the information that you're transmitting. It's insidious--you just won't know."

"It affects every browser, every server, because everyone supports backward capability," he told News Now. "Now it needs to be disabled in all these areas."

For credit unions, that means they must disable SSL 3.0 on all servers and member-facing sites. "If you're using any systems newer than 2006 or 2007, you should be fine," he said. Credit unions also should make sure they have recently updated versions or patches on their operating systems. "Always turn on automatic updates," he advised.

Credit unions can also help protect their employees and members by making sure they are using "slightly more modern browsers," he counseled. Internet Explorer 6 and below are vulnerable so members should be using Google Chrome, Firefox, Safari or Internet Explorer 7 and above.

"As a browser user, the nice thing about Chrome and Firefox is that they do silent updates in the background," Jaquith said.

Silver State Schools CU, Las Vegas, with $655 million in assets, took a proactive approach in notifying its members about the vulnerability and what it was doing to update its four member-serving systems. "We have begun taking corrective action," it noted on its website. "As a result, you may experience short interruptions in some or all online services."

It also suggested members look at their own Web browsers to ensure SSL 3.0 is disabled.

SilverSky/CUNA Strategic Services

Subscriber Exclusives What’s Your Risk Appetite?

What’s Your Risk Appetite?

Embrace risk to identify new opportunities, respond to fraud, and achieve strategic objectives.
Cybersecurity Safeguards

Cybersecurity Safeguards

Preventing data breaches and network intrusions requires implementing a range of protective measures.
360-degree Success

360-degree Success

CUNA, leagues and credit unions built their 2019 advocacy priorities on a strong foundation.
Subscribe Now

Trending

Polls

How often do you talk to the board about compensation?

View Results
More