Announcement

Collapse
No announcement yet.

Authorize.net and Poodle - anything we need to update?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Authorize.net and Poodle - anything we need to update?

    Authorize.net sent out an email today about Poodle. Is there anything that customers who use Auth.net need to worry about? The full text of the email is below.
    Thanks,
    Susan

    Dear Authorize.Net Merchant:
    As you may be aware, an Internet-wide security issue, commonly referred to as POODLE, has been identified in the last two weeks and affects anyone using older Web browsers that use SSL version 3 (SSLv3), specifically Internet Explorer (IE) 6. This issue creates a vulnerability that could allow hackers to gain access to any connection using this outdated Web browser.
    Authorize.Net itself is not vulnerable to POODLE, but we are making changes to our systems to assure that we are providing our merchants and their customers with the highest degree of security possible.
    To that end, on November 4, 2014, we will be disabling the use of SSLv3 within our systems. This means that if your website or shopping cart solution uses SSLv3 to send transactions to Authorize.Net, you will no longer be able to process transactions. You will also no longer be able to access any secure Authorize.Net pages from IE6.
    We expect that a minimal number of our merchants will be affected. However, because we do not control how your particular site or solution sends transactions to us, this change could potentially impact your transaction processing. Please immediately contact your web developer or shopping cart solution to see if you will need to make any changes to your site or solution before November 4th.
    Most modern shopping carts do not use this old technology in their solutions-in general, POODLE will only affect solutions that are older and use SSLv3. But again, because we do not control which method your systems use for transaction processing, we are not able to advise whether or not this change will affect you site or solution. We strongly urge you to contact your web developer or payment solution provider to find out for sure.
    We apologize for the short notice, but security is of the utmost concern. Authorize.Net and most other payment and technology companies are disabling SSLv3 as soon as possible to help make sure that hackers aren't able to exploit this vulnerability.
    If you have any questions regarding this change, please review our POODLE FAQs. You can also check out this post in the developer community for instructions to give to your web or solution developer regarding the upcoming change.
    Thank you for your prompt attention to this urgent issue.
    Sincerely,
    Authorize.Net
    Susan Petracco
    NetBlazon

    1.866.400.2444

    _____________________________________________

    Like us on Facebook

    #2
    Re: Authorize.net and Poodle - anything we need to update?

    If you're hosted with us, then no.

    If you're not hosted with us, you'll need to make sure your Miva Engine is 5.17 or higher (and it's worth going all the way to 5.20 since that's what's needed for 9.0.0).
    Thanks,

    Rick Wilson
    CEO
    Miva, Inc.
    [email protected]
    https://www.miva.com

    Comment


      #3
      Re: Authorize.net and Poodle - anything we need to update?

      Also we've been keeping this updated about POODLE: http://www.miva.com/blog/PayPal-Auth...-Vulnerability
      Thanks,

      Rick Wilson
      CEO
      Miva, Inc.
      [email protected]
      https://www.miva.com

      Comment


        #4
        Re: Authorize.net and Poodle - anything we need to update?

        Thank you, Rick.
        -Susan
        Susan Petracco
        NetBlazon

        1.866.400.2444

        _____________________________________________

        Like us on Facebook

        Comment


          #5
          Re: Authorize.net and Poodle - anything we need to update?

          What about various after market modules? Do they need to be updated for POODLE?

          Comment


            #6
            Re: Authorize.net and Poodle - anything we need to update?

            What about various after market modules? Do they need to be updated for POODLE?
            No, the connection to use SSLv3 or not, is controlled at the Miva Engine level. As long as your engine is up to date there should be nothing else to do.
            Thanks,

            Rick Wilson
            CEO
            Miva, Inc.
            [email protected]
            https://www.miva.com

            Comment


              #7
              Re: Authorize.net and Poodle - anything we need to update?

              We currently have a site running 5.16. Authorize.Net has blocked us from processing transactions.

              SSLv2 and SSLv3 have been disabled on the server.

              We are not interested in upgrading this instance of Miva at this time. Is there another way around the POODLE issue and stay on our current version?

              Comment


                #8
                Re: Authorize.net and Poodle - anything we need to update?

                We are currently on 5.16 with no plans to upgrade in the near future. Is there anything that can be done to modify the connection to Authorize.Net so they will allow it? They cut us off a couple of days ago.

                Comment


                  #9
                  Re: Authorize.net and Poodle - anything we need to update?

                  No there is no workaround, but you do realize that the Empesa engine (which is what needs upgrading, not the Miva store itself) is a free download to anyone, right? All you need to do to fix this problem is to upgrade your engine to 5.20.
                  Thanks,

                  Rick Wilson
                  CEO
                  Miva, Inc.
                  [email protected]
                  https://www.miva.com

                  Comment


                    #10
                    Re: Authorize.net and Poodle - anything we need to update?

                    Originally posted by Rick Wilson View Post
                    No there is no workaround, but you do realize that the Empesa engine (which is what needs upgrading, not the Miva store itself) is a free download to anyone, right? All you need to do to fix this problem is to upgrade your engine to 5.20.
                    No, Rick, I did not realize that. We inherited this site from a previous project, so nothing is know about it here.

                    Currently, the DB is running from dBase. Is that an issue for the engine upgrade?

                    Thanks for the information.

                    Comment


                      #11
                      Re: Authorize.net and Poodle - anything we need to update?

                      We have seen an increase in license server failures with customers not hosted with Miva. The cause is pre-5.17 Empresa. They are trying to connect using sslv3. I suspect that any other licensing systems that use secure MvCALL are also going to fail.

                      Just another reason to take advantage of the free upgrade sooner than later.
                      Gordon Currie
                      Phosphor Media - "Your Success is our Business"

                      Improve Your Customer Service | Get MORE Customers | Edit Any Document Easily | Free Modules | Follow Us on Facebook
                      phosphormedia.com

                      Comment


                        #12
                        Re: Authorize.net and Poodle - anything we need to update?

                        The engine upgrade won't impact the database structure at all.
                        Thanks,

                        Rick Wilson
                        CEO
                        Miva, Inc.
                        [email protected]
                        https://www.miva.com

                        Comment

                        Working...
                        X