Oh Poo! Poodle may break PayPal checkout

No primary category set

PoodleSecurity researchers at Google have announced a “Poodle” vulnerability in SSL 3.0. We don’t expect that means much to you, nor the full name – Poodle stands for “Padding Oracle On Downloaded Legacy Encryption“.

What it does mean is that PayPal may be broken for some ecommerce sites as PayPal unplugs SSL 3.0 support, so if your PayPal checkout is borked now you know why.

PayPal have said “we’ve determined that we must disable SSL 3.0 support as soon as we reasonably can. Unfortunately, this necessary step may cause compatibility problems for a few of our customers resulting in the inability to pay with PayPal on some merchant sites or other processing issues that we are still identifying. However, we can’t stress enough that this short-term inconvenience is heavily outweighed by the PayPal brand promise of keeping our customers and their money safe. For us, it’s that simple“.

PayPal plan to remove SSL 3.0 support completely over the coming days. Users affected will need to upgrade their checkouts to use Transport Layer Security (TLS) instead which should already have replaced most PayPal SSL 3.0 installations, however some still fall back to SSL 3.0 for legacy browser support. Plus many browsers will retry failed TLS connections by using older protocols including SSL 3.0.

I guess it’s a case of PayPal have the latest tools available, but the one thing that they can’t do is force users to update their software to the most up to date versions available. Around 10% of Tamebay’s traffic still comes from users of Windows XP or earlier and indeed many corporate companies never upgraded to Windows 7, let alone Windows 8.

One Response

  1. HOW TO FIX THE CURRENT SSL CONNECTION ISSUE WITH PAYPAL AND OTHER SSL SECURED WEBSITES. – By Daniel Stubbs http://www.stubbsdomains.co.uk

    I have just spent 2 hours around a friends house solving an SSL connection issue. This issue was affecting all SSL secure sites, including access to PayPal. The screen came up with a SSL connection error, that initially looked like the internet had dropped out. But most other websites loaded fine. Very Strange. I have never seen anything like this and it took me a while to work it out. However, I did get it cracked eventually. It turned out to be quite simple to fix. I imagine this issue is causing people a lot of issues, so I thought I would share how to solve the problem.

    This is a worrying issue because it apparently established itself. I wonder whether an automatic update was to responsible for this SSL connection issue. This issue was apparent in both Mozilla Firefox and Internet Explorer, here’s how I fixed both of them.

    To Fix Firefox

    To fix this issue, first download the latest version of Firefox as a download file on your computer. Then you may want to backup your bookmarks. Go to BOOKMARKS, SHOW ALL BOOKMARKS, IMPORT AND BACKUP, BACKUP and save your bookmarks file to an easy to access file folder. You are going to need to uninstall Firefox completely, and then re-install it. Merely updating to the latest version of firefox, will not solve this issue. Go to START, CONTROL PANEL, PROGRAMS, UNINSTALL A PROGRAM, find Firefox. Uninstall completely. Once uninstalled, find the download file you just downloaded a moment ago (Normally in the Downloads section, go to START, COMPUTER, and its in the top left corner under Favourites.) Launch the FireFox setup file to re-install FireFox from scratch back on to your computer. This will solve the issue.

    To Fix Internet Explorer

    You may want to backup your bookmarks before starting this procedure. Once you’ve done this click on the cog/gear wheel in the upper right of the internet explorer window, and go to Internet Options. Go to the Advanced tab on the top right hand corner. At the bottom of this page is an option to Reset Internet Explorer Settings. Click the Reset button, this will bring up an “are you sure screen”, click on reset to confirm the reset. You will need to close and re-open the internet explorer application after resetting. This should solve the issue.

    If for some reason this does not work. You will need to roll back to an earlier version of windows (my friend was running IE 9 on an old XP machine) and then do the above RESET procedure again.

    It turns out you can’t actually find Internet Explorer as a PROGRAM to uninstall the same way as any other application. Thanks very much for that Microsoft by the way! So to roll back to an earlier version of windows, you need to uninstall an Internet Explorer Update. To do this go to START, ALL PROGRAMS, and go to WINDOWS UPDATE. Click on VIEW UPDATE HISTORY, At the top of this page is a link to INSTALLED UPDATED. Click on this. Depending on the speed of your computer, this may take a while to load up fully. Go down to the section for MICROSOFT WINDOWS. In that section somewhere you will find a file that says WINDOWS INTERNET EXPLORER, followed by a version number. Click on this, go to the top part of the page and click on UNINSTALL. Follow this through to roll back to windows 8. You will need to reboot your whole computer, or do a full shutdown, and then turn it back on again. When it loads up, it probably will have rolled back to Version 8.

    Once you’ve done this click on the cog/gear wheel in the upper right of the internet explorer window, and go to Internet Options. Go to the Advanced tab on the top right hand corner. At the bottom of this page is an option to Reset Internet Explorer Settings. Click the Reset button, this will bring up an “are you sure screen”, click on reset to confirm the reset. You will need to close and re-open the internet explorer application after resetting. This should solve the issue.

    I hope this was useful to you.

    Daniel Stubbs
    StubbsDomains.co.uk

RELATED POSTS..

Shopify Amazon Pay to end - Amazon respond with increased reserves

Shopify Amazon Pay to end – Amazon respond with increased reserves

Temu MASA Certification for User Security and Privacy

Temu MASA Certification for User Security and Privacy

Amazon Disbursements held due to unmet UK business establishment requirements unfreeze disbursements says Minister

Enterprise minister tells Amazon unfreeze disbursements

Amazon Disbursements held due to unmet UK business establishment requirements unfreeze disbursements says Minister

Amazon Disbursements held due to unmet UK business establishment requirements

Ecommerce SNAFU - Swearing & Cancelled Deliveries

Ecommerce SNAFU – Swearing & Cancelled Deliveries

ChannelX Guide...

Featured in this article from the ChannelX Guide – companies that can help you grow and manage your business.

Latest

Take a look through a selection of the latest articles on ChannelX

Register for Newsletter

Receive 5 newsletters per week

Gain access to all research

Be notified of upcoming events and webinars