Yesterday, Google published a post that exposes a vulnerability in the design of SSL version 3.0. This flaw is similar to the Heartbleed bug exploited earlier this year but not nearly as serious.
(Photo : greg westfall | Creative Commons)
It’s called POODLE (Padding Oracle On Downgraded Legacy Encryption) and exploits a vulnerability in one of the Internet’s security protocols (SSL or more commonly known as https in your browser) and could potentially give an attacker access to sensitive information.
In order to protect our users from the POODLE vulnerability in SSL, we have disabled support for SSLv3 across our entire platform.
You don’t need to take any action regarding our site or services. This change will prevent attackers from exploiting the vulnerability and keep SSL sessions secure.
The downside to this is that very old systems, starting with Internet Explorer 6.0 on Windows XP, do not support any version of TLS. These browsers will not be able to make an HTTPS connection through our servers.
This is an extremely small portion of Internet users (less than 0.1% of all users) and these users should consider installing an modern browser such as Mozilla Firefox or Google Chrome.
Both browsers support newer SSL standards and are not impacted by this change.
About Heartbleed
The following is a snippet from heartbleed.com on the Heartbleed bug.
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
OneAll is not affected
We are happy to confirm that the SSL version used by the OneAll platform is not affected by this bug. You don’t need to take any action regarding our site or services.
A couple of days ago we have added the german platform Xing to the social networks available for our Social Login service.
XING is the social network for business professionals. It has more than 13 million members worldwide and over 6 million of whom are based in German-speaking countries.
XING is a platform where professionals from all kinds of different industries can meet up, find jobs, colleagues, new assignments, cooperation partners, experts and generate business ideas.
By using your Social Login service you can now easily allow any Xing member to authenticate with their profile on your website. If you have many german speaking users, you should definitely integrate this provider.
We are proud to announce you that we have released Social Login for Joomla!
OneAll Social Login for Joomla! is a professionally developed and free extension that allows your users to register and login to your Joomla! website with their existing social network account.
Read Full Post »
We are proud to announce you that we have released Social Login 2.0 for WordPress: http://wordpress.org/extend/plugins/oa-social-login/
During the last couple of months the plugin has been downloaded more than 20.000 times and many users send us their feedack. Thank you very much for this great success!
Read Full Post »