Recently, a vulnerability in version 3 of the SSL encryption protocol was disclosed. This vulnerability, dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption), allows an attacker to read information encrypted with this version of the protocol in plaintext using a man-in-the-middle attack.

For us, the window for exposure was quite small. We acted quickly to secure our infrastructure by removing support for SSLv3. If you’re having trouble accessing our APIs, you may need to upgrade your client to one that supports TLS 1.0/1.1/1.2. If you’re unable to access our web properties, updating your browser should do the trick.

To learn more about how POODLE works, who is affected and how you can protect yourself, you can read our article on the topic. If you have any questions, please ask them in the comments section and we’ll respond as quickly as we can.

Friday, October 17, 2014

« Back