If you run a small online shop then the chances are that, like many of Toni’s clients, you haven’t heard anything about Poodle or the problems that it’s about to cause you.
Unfortunately the warm and fuzzy name hides a rather nasty problem for all website owners but especially for those who have online shops and use PayPal because Poodle is really coming to bite us on December 3
Poodle is an acronym for Padding Oracle On Downgraded Legacy Encryption and it affects emails, browsers and online transactions by allowing access to secure internet traffic via the industry standard SSL 3.0 protocol.
In layman’s terms that means that previously secure messages are no longer secure and hackers can basically listen in to information that is being passed between points online.
The good news is that there is already alternatives to SSL 3.0 in place and we’ve known about this exploit for some time so many web hosts have already using those alternatives for email.
The bad news is that, although those alternatives have been in place for quite some time, most e-commerce software is still the using SSL 3.0 protocol and only one web browser is compliant with the alternative.
And now the clock is ticking to get things fixed because PayPal has dropped a deadline on us.
So what’s the hurry?
I can hear your thoughts because we’ve had them too. If we’ve known about this problem for some time then why do we have to rush and do something about this just before the Christmas rush?
Well on December 3 at 12.01am Pacific Standard Time PayPal will disable the use of SSL 3.0 within their system. That means that from that date and time PayPal will not process any transactions that come to it via SSL 3.0.
Instead, people who are trying to buy what you’re selling will get an error message that may look like this: “An error occurred when we tried to contact the payment processor. Please try again, select an alternate payment method, or contact the store owner for assistance. () – (35) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number”
It also means that if you try to log into your PayPal account using a browser such as Internet Explorer or Firefox … both of which still use SSL 3.0 at the time I’m writing this … you may also get an error message.
So what should you do?
The first thing you should do is switch to a compliant browser. Now I know that we all have our favourite browser and switching is like saying goodbye to an old friend that you may never see again but if you want to see your PayPal account then you need to switch to a browser that is compliant.
As I write this the only compliant browser is the latest version of Chrome. If you want to test your browser just to be sure then here is a link to a site that will test your browser where you can do that.
The next thing to do is to upgrade your shopping cart software so that it can continue to talk to PayPal.
If you use Zencart and you can handle your own coding upgrades then you will find this link useful.
If you use Zencart but can’t do your own upgrades then you should refer your website designer to that link so they can do the upgrade for you.
If neither you nor your web designer have the skills necessary to upgrade then we can do the upgrade for you. You can email me here for more details but I should tell you that our prices start at $50.00 for a simple in and out job.
If you use some other shopping cart software then look for help in that software’s support forums, refer it to your web designer or use that email address to contact me and we MAY be able to make the necessary changes to make your shopping cart compliant with PayPal’s new requirements.
The bottom line?
if you use PayPal to process your online shop transactions then you need to make the necessary changes to your software … NOW.
Wait till the last minute to get someone to make the changes for you and you could be waiting for days for the changes to be made because the demand on those who can make the changes is going to be huge.
Do nothing and your online shop will stop working for you.
by