POODLE Attack
HostGator's Response to the POODLE Attack
An attack using the POODLE vulnerability is extremely difficult - several conditions and prerequisites would be required, and our Security team already had countermeasures in place for several of these. However, we have disabled SSL 3.0 completely from our core servers out of an abundance of caution. We also have other measures in place to block the (already very difficult) exploitation of this vulnerability.
What is the POODLE Attack?
Software that communicates across the Internet protects sensitive information by encrypting the data it is sending. Most programs are designed to use up-to-date protocols for encryption and fall back to earlier, less secure protocols such as SSL 3.0 if more modern encryption methods are not available.
POODLE takes advantage of this design by convincing programs to fall back to SSL 3.0, an older protocol that is much more vulnerable to attack than newer protocols.
This vulnerability is less severe than the recent Heartbleed & Shellshock vulnerabilities. However, HostGator is very serious about protecting your data, and we want to underscore that our platform is safe from attacks exploiting the POODLE vulnerability.
Services Affected by POODLE
The main effect you might see from POODLE comes not from the exploit itself but from the steps being taken to mitigate it. SSL 3.0 support is being withdrawn from new versions of many popular programs, and more recent releases of browsers like Chrome and Firefox will not be vulnerable to POODLE.
As a rule, if your software is running the most recent available update, you should not have to worry about POODLE attacks.
Older plugins to popular programs like WordPress may have been dependent on SSL 3.0, and updates to browsers and operating systems might cause issues with these. Updating your plugins and addons to the newest version and consulting the designers for support is suggested.
Online services are also dropping support for SSL 3.0, including PayPal and Cloudflare. You may have received notices explaining this change, and some issues might arise from updates by those services. Most are being pro-active in addressing their customers' needs, and we urge you to consult with any service you use to review any changes required on your part.