ETELESOLV HAS ADDRESSED THE SECURITY CONCERNS AND OUR SERVER ENVIRONMENT IS PROTECTED
Vincent Parisien, Cimpl’s Vice-President of Technology, made a statement regarding the Poodlebleed bug and Cimpl’s security-readiness: “I would like to assure all of our loyal customers that the Poodlebleed bug has not been used against them via any of Cimpl’s products and services. We have disabled SSL 3.0 as recommended by industry experts. In order to ensure that we are completely secure, we have tested and inspected all of our operations - and we have confirmed that we are not at risk from the Poodlebleed vulnerability.”
And now, some specifics!
1) What is the Poodlebleed bug?
The ‘Poodle’ of the Poodlebleed bug stands for Padding Oracle On Downgraded Legacy Encryption. It is a vulnerability in SSL 3.0 that allows hackers to decrypt to plaintext of secure connections.
2) What is the scope of the problem?
All browsers that do not support TLS__FALLBACK SCSV are vulnerable to the bug. Current versions of google chrome are the only browser that supports TLS__FALLBACK SCSV It is for this reason that it is recommended that if you are using another browser, you disable SSL 3.0.
Some final words…
Here at Cimpl, we do our best to stay up to date on current security trends in order to protect ourselves and of course our clients. If you have any questions regarding the bug or regarding our signature product Cimpl we would be happy to answer, just contact us! As Canada’s leader in IT and telecom expense management, we are always available to discuss security issues and help our clients protect themselves.