At Equitable Bank, we take your security seriously. We are taking steps to protect you against the POODLE SSLv3 exploit, which is considered a medium risk, and providing these answers to help you understand how POODLE could affect you — not just on our website, but throughout the internet.
ACTION YOU MUST TAKE:
Before November 5, 2014, please check your browser version and update if necessary to one of the following:
- Chrome 29 and above
- Firefox 23 and above
- Internet Explorer 8 and above
- Safari 5 and above
To find out what version of your browser you are using, open the browser and go to Tools or About. To update a browser, search the internet for the browser’s website, go to the site and follow their instructions.
If you have any questions or would like help checking or updating your browser, please contact your local branch 781-599-5600.
What is POODLE?
POODLE is a recently recognized bug in web browsers (Firefox, Chrome, Internet Explorer, etc.) that could make someone vulnerable to an attack by a cyber-criminal. It stands for Padding Oracle On Downgraded Legacy Encryption.
How does someone fall victim to a POODLE attack?
The two most likely ways are: 1) they are tricked into visiting a malicious website, such as clicking a link in a spam email; 2) they use a shared internet gateway, such as a WiFi system at a coffee shop, where a cyber-criminal inserts themselves between the user and the websites they visit.
How likely is someone to experience an attack via POODLE?
The security industry has labeled this a medium security risk. Presently there are no reports of a POODLE attack. It is, at this point, merely a known vulnerability that an attacker could exploit.
How does it actually work?
Web browsers, websites, and servers use encryption to make online forms and logins safe. These technologies are frequently updated, but web browser updates sometimes allow for “backward compatibility,” meaning the browser could revert to an earlier version in the event a particular website can’t support the update yet. An attacker could force a user’s browser to revert to an earlier version of encryption technology that the attacker now knows how to penetrate.
Is my web browser going to create a new update to protect against POODLE?
Yes. All browsers are working on updates. Many industry experts cite late November as a target date. Unless you have selected to not accept automatic updates from your web browser, the update should happen automatically.
What is Equitable Bank doing to protect me against POODLE?
We are deploying a security measure on November 5th that will prevent our website from working when the earlier version of encryption technology is being used. This means that if an attacker uses this POODLE vulnerability while you are visiting our site and forces your browser to use the old encryption technology, our website won’t respond.
Does this mean I wouldn’t be able to see or visit your website?
Yes, if you were attacked, you wouldn’t be able to see our website. This is to prevent the attack from being successful. If this occurs, contact us and we will help you regain access to our website.
If this is a threat, why are you waiting until November 5th?
Currently there are no reports of POODLE being utilized. Thus we have weighed mitigating factors into our deployment date. First we need to ensure there are no unwanted bugs that occur when deploying this solution. We are also giving our account holders that use Internet Explorer 6 the opportunity to update their browser.
We at Equitable Bank are ready to help you if needed. If you have any questions, please contact your local branch 781-337-8000.