A Simple e-Commerce Security Check To Do Now!
Hackers all over the world are trying to exploit the SSL3 vulnerability dubbed ‘Poodle’ on e-Commerce websites. Email notifications were sent out to website owners warning about the vulnerability and how host providers and merchant portals were going to take care of it. All an e-Commerce website owner had to do was to tell a few impacted customers to upgrade their browsers to the latest version. After all, who still uses IE version 6? The answer is, hackers do, and their bots will eventually get to your website.
Turns out that some hosting companies haven’t turned off their support for SSL3, so they aren’t passing the vulnerability tests yet. You can see if your site gets a ‘server is safe from Poodle vulnerability’ message by following this link: Symantec Tools. Just type in the name of the website that you need to test and read the results. Note: this is for use only if your website has an SSL certificate and the URL starts with https://, which you should have if you are running an e-Commerce site.
Website Certificate Test Results
The test should produce two ‘safe’ messages. One is for ‘Poodle’ and one is for ‘Heartbleed’. Both are dangerous vulnerabilities for e-Commerce websites. If you don’t get both of the ‘safe’ messages, your website is not protected. Contact your hosting company to ask why your website doesn’t get both of the ‘safe’ messages. Most likely, they haven’t turned off support for SSL3, which is an old version that modern browsers don’t support anymore.
SSL Algorithm Compatibility Results
Farther down on your results screen you will see references to the type of SSL certificate you have and how long it is valid. This is an additional bit of information that you need to check.
You need to look for the Algorithm Type field. If it is SHA1, you need to upgrade your SSL certificate to SHA2 (which is SHA256). This is for browser compatibility, and it affects what your site visitors see next to the https:// in their browser’s address bar as a security indicator. Browsers display an icon of a lock if your SSL certificate is valid. That lock will disappear and be replaced with either a blank page icon, or worse, a red x if you don’t upgrade to SHA2 soon.
Google Rolling Out Beta Chrome
Google is rolling out their Beta Version of Chrome now, which will check the SHA version your SSL certificate is using. They want everyone to move to SHA2, so if your SSL certificate renewal is coming up soon, you can upgrade to SHA2 then. But if your certificate is not going to expire for a few years, you are going to have to bite the bullet and upgrade now. It’s just a matter of time before all the browsers follow suit.
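The Algorithm Type check and the renew-or-reissue decision described above can also be run locally. This is an added example, not code from this post or from the test tool: it reads the text that `openssl x509 -noout -text` prints for a certificate. The certificate excerpt is constructed, and treating "soon" as 90 days is an assumption.

```python
import re
from datetime import datetime, timezone

# Constructed excerpt of `openssl x509 -noout -text` output (not a real certificate).
SAMPLE_CERT_TEXT = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = Example Test CA
        Validity
            Not Before: Jan 10 00:00:00 2014 GMT
            Not After : Jan 10 23:59:59 2017 GMT
        Subject: CN = shop.example.com
    Signature Algorithm: sha1WithRSAEncryption
"""

SHA2_HASHES = ("sha224", "sha256", "sha384", "sha512")
RENEWAL_SOON_DAYS = 90  # assumption: the article does not define "coming up soon"


def audit_certificate(cert_text, today):
    """Return (algorithm, days_left, advice) for one certificate text dump."""
    alg = re.search(r"Signature Algorithm:\s*(\S+)", cert_text)
    end = re.search(r"Not After\s*:\s*(.+?)\s*GMT", cert_text)
    if not alg or not end:
        raise ValueError("input is not an `openssl x509 -text` dump")
    algorithm = alg.group(1)
    expires = datetime.strptime(end.group(1), "%b %d %H:%M:%S %Y")
    days_left = (expires.replace(tzinfo=timezone.utc) - today).days
    name = algorithm.lower()  # e.g. sha1withrsaencryption, ecdsa-with-sha256
    if any(h in name for h in SHA2_HASHES):
        advice = "ok: SHA2 signature"
    elif "sha1" not in name:
        advice = "review: signature hash is neither SHA1 nor SHA2"
    elif days_left <= RENEWAL_SOON_DAYS:
        advice = "SHA1: switch to SHA2 at the upcoming renewal"
    else:
        advice = "SHA1: reissue with SHA2 now, do not wait for expiry"
    return algorithm, days_left, advice


if __name__ == "__main__":
    # Constructed "today" so the result is reproducible.
    print(audit_certificate(SAMPLE_CERT_TEXT, datetime(2014, 11, 1, tzinfo=timezone.utc)))
```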
Keep Your e-Commerce Site Safe
Our website hosting company tests for upgrades and security vulnerabilities daily, and we just helped another hosting company find their vulnerabilities. They didn’t have SSL3 disabled on a few servers that hosted e-Commerce sites, but they corrected it immediately after we warned them. Why help another hosting company? We can’t possibly host everybody’s website and we consider these guys to be allies in the business.
There are many choices in hosting companies, so make sure yours is keeping your site safe. If you want more information you can contact us at this post’s obligatory link to our Webmasters Blog.