Support: (818) 313-6300   Sales: (800) 521-4594   FAX: (818) 313-6313
NAVIGATION
SEARCH
HOME
ABOUT
EVP SYSTEMS
OUR PRODUCTS
& SERVICES
TUTORIALS
FAQs
DOWNLOADS
& CDs
PROFESSIONAL
SERVICES
SIGN UP
LEGAL &
COMPLIANCE
RELATED SITES
CONTACT
CUSTOMER
PRAISE
SPECIAL SECTIONS
IRS USERS



October 16, 2014
EVP Systems Unaffected by "Poodle" Vulnerability
RELATED LINKS: HEARTBLEEDSHELLSHOCK

As with "Heartbleed" and "Shellshock," EVP Systems' servers are unaffected by the newly-announced "Poodle" SSL vulnerability. No authorized access has been allowed because of Poodle, nor has any client data been affected.

"Poodle" is a recently discovered flaw in the Secure Socket Layer Version 3, a security protocol used by older Web browsers and servers. The flaw allows a "man-in-the-middle" to intercept supposedly secure communication when it is encrypted with SSLv3 and view the messages.

The most common solution to mitigating Poodle is to simply stop using SSLv3. While modern Web browsers use the still-secure TLS by default, they can be tricked into falling back to SSLv3 and become vulnerable when talking to SSLv3-capable servers. By disabling SSLv3 on the server, you can be assured that no decipherable requests can be sent to it. By disabled SSLv3 on the browser, you can be assured that it will not make those requests.

EVP Systems has taken these measures. Our internal browsers have had their ability to send SSLv3 requests disabled, so that no out-bound communication can be intercepted. Our servers have had the ability to accept SSLv3 requests disabled.

This last action is a moot point, however, since EVP Systems does not use SSL in any of its Internet-based communications. Our website uses the HTTP protocol (which is unaffected by Poodle) and out applications and data center, by design, do not pass proprietary or confidential information over the Internet. Our e-mail is hosted by Google, accessed through Outlook using TLS, and our internal files are stored on Dropbox using their secure desktop client.

If you have any questions about Poodle or any aspect of security at EVP Systems, please don't hesitate to write us at support@evpsys.com.