Security Update - Response to the POODLE vulnerability

Monday, October 27, 2014 4:28:00 PM Categories: Ministry & Technology New Features
Rate this Content 0 Votes

 We are committed to keeping your data and our servers secure.  Recently a vulnerability in the SSL 3.0 protocol was discovered that is commonly referred to as POODLE (Padding Oracle On Downgraded Legacy Encryption).  Here are some details and alerts/actions for you to be aware of:

 
Details:
The SSL protocol is used for secure communications in web browsers.  SSL and TLS are the security protocols used to encrypt data between a web browser and the server and are required for access to the Churchteams application.  You typically recognize them by a lock symbol or https designation in the address line of your browser.  The POODLE vulnerability does not make the Churchteams servers vulnerable to being hacked into in any way but it does present the possibility of a "man in the middle" attack.  This means that if a hacker had control of a network (such as a WIFI connection) that someone connected to and started a Churchteams session; then it's possible they could de-crypt the communications for that session.  To eliminate the possibility of this we have disabled SSL 3.0 support on our servers as of 10/27/2014.  SSL 3.0 is a very old standard that is only used by older browsers and as a fallback if newer encryption methods fail, so disabling SSL 3.0 should have no effect on the vast majority of  Churchteams users.  However, if you are using a very old computer with an outdated browser (such as Internet Explorer 6 on Windows XP) then you will need to upgrade the browser to a newer version to connect to Churchteams from that computer.  The latest versions (and even the past few versions) of all major browsers should not be affected.  
 
Alerts / Actions:
  1. If you have a computer that is having problems using Churchteams, upgrade the browser to a newer version.  (In Internet Explorer click Help then About Internet Explorer)
  2. Please test all of your check-in stations this week to see if you have an issue.  If so, be sure to upgrade the browser well before you need it for check-in so that you can test to ensure everything is working well.
Upgrades like these are just a part of technology growth and development.  We appreciate the opportunity to serve you and take the privilege of your trust very seriously.