Another SSL vulnerability - the POODLE bug

We received this communication from our primary hosting provider, Steadfast Networks in Chicago, Il.

[Fri, 17 Oct 2014] - Another SSL vulnerability - the POODLE bug, has been detected. Server-side measures taken.

Just a few months after the Heartbleed bug shattered the believed-to-be-secure SSL/TLS encryption layer status quo and put data transfers, emails, instant messages, etc. at risk, a new SSL vulnerability has been brought to light by Google experts.

According to Google researchers, a weakness in the SSL 3.0 protocol could be used to eavesdrop critical data that is transferred over an encrypted connection between web browsers, apps, etc. and servers.

The ‘new’ bug is called POODLE – an acronym for Padding Oracle On Downgraded Legacy Encryption.

The mechanism of the POODLE attack

The newly discovered POODLE exploit poses a great threat to online security, since it affects an old SSL version, which is still widely used by the majority of servers and clients.

It allows hackers to outsmart a web client by telling it that the server does not support the more secure TLS (Transport Layer Security) protocol, so the client is forced to connect via SSL 3.0.

This downgrade maneuver opens the door of abuse and attackers can freely decrypt secure HTTP data and steal the protected information.

Measures taken against POODLE attacks

With the discovery of POODLE, the security specialists at Google instantly recommended measures for dealing with this encryption issue.

First and foremost, the SSL 3.0 protocol needs to be disabled for both participants in the SSL communication – the server and the client, and they need to default to the more secure TLS. This will stop attackers from forcing the communication to go through the exploited SSL 3.0.

Server-side measures:

In response to the Google team’s recommendation, our web hosting servers no longer support SSL 3.0 and older versions of the protocol. Also, our admins have set the minimum SSL requirement to the provenly secure TLS 1.0.

NOTE: As a result, an Internet Explorer browser whose version is 6.0 or older will not be able to access websites hosted on our servers.

Client-side measures:

As far as web clients are concerned, Google specialists recommend that end users immediately disable SSL 3.0 support in their browsers, if such exists. 

In response to the issue, Google plans to remove SSL 3.0 support completely from all its products in the upcoming months. Currently, they even offer a Chromium patch, which disables the SSL 3.0 fallback.

Mozilla has also announced plans to turn off SSL 3.0 in Firefox and it will be disabled by default in Firefox 34, which will be released in November. They also offer code for disabling the protocol, which is now available via Nightly. Also, you can use the SSL Version Control add-on for Firefox.

Here you can find details instructions on how to disable the use of SSLv3 for the most common browsers and Operating Systems - https://zmap.io/sslv3/browsers.html.

Upcoming actions against POODLE attacks

To further secure our system against future downgrade attacks, our admins are also planning to implement TLS_FALLBACK_SCSV (Transport Layer Security Signalling Cipher Suite Value) on all our servers shortly. We’ll keep you posted.

How to Restore Search Functionality to Roboform for Android

If you use Roboform on your Android device, you have no doubt found that the new user interface doesn't allow you to search your logins. The default search function will search logins, bookmarks and passcards, but when you tap the search result the browser goes to the URL instead of displaying the passcard. We use Roboform on Android to store credentials for use with other apps, so for us the default behavior is terribly frustrating.

All is not lost. There is no need to change to a different app to store passwords. Just follow these simple instructions:

From within the Roboform app go to Menu => Settings => Navigator.

Uncheck the box for "Load browser by tap on file." That's it!

Now when you type in the URL/Search box the matching passcard names appear in a drop-down list. When you tap a name it will display that passcard. You can then copy and paste your credentials to other apps or select "Go and Fill" to browse to the selected URL.

 

Goodbye Google Checkout - Hello Stripe!

Google recently announced that Google Checkout will shut down on November 20th, 2013. We don't want to run up against their deadline, so we have removed Google Checkout as a payment option in our invoicing system.

We have replaced Google Checkout with Stripe, https://stripe.com/. Stripe processes payments for all major credit and debit cards. It integrated seamlessly with our invoicing system, Freshbooks, https://proepic.freshbooks.com/refer/www. It allows our customers to conveniently pay without leaving the invoicing system.


We know that some of our customers love PayPal, so we will continue to offer PayPal as an alternative payment option.

 

Elegance In Form & Function In Clark Gardens Group Tours Brochure by Pro Epic

 

brochure design by Pro Epic for Clark Gardens group tours fall 2013When Clark Gardens asked us to design a group fall tours brochure that included fall colors, we immediately invisioned a brochure with Clark Gardens in its full fall display as the backdrop.

We went to our archives of photographs of the Gardens that has been building during our long relationship. One image stood out: Oxbow Lake, Hudini the swan with his reflection, and boughs of cypress trees with their variety of colors hanging over the lake. Perfect.

The photograph was edited to have an abstract appearance, to emphasize the colors and impression rather than the details.

The informational text about the fall group tour packages was dressed-up in warm colors taken from the photograph, given a formal appearance, and set almost as a frame of the swan to one side.

A QR code added a quick link to the group tour page of information on the Clark Gardens website for those with smartphone in-hand.

The Clark Gardens team has been generous in their compliments of the resulting brochure. It's our pleasure.

 

Quick Views in Online File Folder

If you’re uploading a video to Online File Folder®, you can get added functionality when you use any of several common file formats. Keep in mind, though, you can upload and share files of any type using Online File Folder.

With certain file types, Online File Folder displays Quick Views of video files. These let you view videos from Online File Folder simply by clicking the thumbnail icons. Quick Views also display for public files, letting anyone with the Public Links view the videos.

To see a list of formats that support Quick Views, you can check out the Help article.

Are you ready to move into the cloud? Online File Folder can help you get there.

Join our Facebook fan pageFollow us on TwitterWatch us on YouTubeSee us on PinterestSubscribe to our RSS news feed

Testimonials

The folks at Pro Epic sat down with me, and listened, while I described my business; really caring about what would be the best for me. They are not just out there selling their business, but offering advise on how to bring the public to a better awareness of how I can serve them. Pro Epic is very professional, and at the same time helped me feel at ease answering all of my questions. I truly recommend their services to help you increase your business.
Teresa Gilbert, Owner, Less Stress Massage, Weatherford, Texas
Pro Epic is awesome at what they do. Give them a chance to help you grow your business.
Constance Frantz, Wright Chiropractic Health Center, Weatherford, Texas
Thank you for your hard work. Mostly I notice that you really are sincere about giving your customers a Website that reflects their vision AND that your communication and efficiency is terrific. In this day and age it is unusual to find. I've enjoyed the process.
Linda Kessler, Owner, Barefeet Yoga, Mineral Wells, Texas
I'm a VERY picky business owner who values communication and professional thoroughness in the companies I deal with. Pro-Epic wins hands down. If you want a website, I highly recommend this company.
Heather Wright, Owner, Wright Chiropractic Health Center, Weatherford, Texas
Pro Epic's professionalism, service, and creative abilities are unequaled in my experience. Their ability to produce materials (website & brochure) presenting our company in a manner which, so accurately reflects the character of our brand is amazing. We appreciate their high standards and desire for excellence! We couldn’t be more pleased! Texas Saddlery has found a home with Pro Epic!
Rory Boren, Co-Founder, VP, CFO, Texas Saddlery
We have had so much positive response regarding our new web site! It has generated new business for us and the blogs that we are adding are driving people in that direction too. Pro Epic has done everything they said they would do, on time, on budget and the follow up afterwards has been wonderful. I have referred Pro Epic to many other clients, including the Weatherford Chamber of Commerce and everyone has been pleased.
Paul Paschall, Owner, Paschall Insurance Group, Weatherford, Texas
I want to let y’all know that we are very pleased with the website. I do appreciate the communication, training and service that was offered. Thank you very much!
Keith Harless, Manager of Engineering/Sales, Antelope Oil Tool & Mfg. Co.
Pro Epic delivered a beautiful website, on time, that functions and looks just the way we wanted it to. Their personal training on how to use our website was outstanding and communication was excellent throughout the whole process. I highly recommend their services! Top qualities: Expert, Good Value, Creative
Kira Connally, Owner, Spectacles West, Weatherford, Texas
Pro Epic Technology Solutions

190 N. Rambling Fork St.
Weatherford, TX 76087
Toll Free 1 (866) 580-3617