When you surf the web, you’re doing a bunch of different things at the same time that you might not be aware of. You’re sending and receiving massive amounts of data between multiple servers. That means that the same thing is happening whether you’re surfing for business or pleasure. This can be a scary thought if your connections are secure. Thankfully, most of our connections are secure and we have a bunch of different defenses to help us against some of the web’s worst bugs and viruses. We have firewalls and anti-virus protection software. That being said, these things can still be bypassed. Not to mention the fact that there are hackers out there. The last thing you should have to worry about is your connection security.
Unfortunately, your connection could be at risk of attack.
SSL 3.0
If you’re unfamiliar with the term SSL, it stands for Secure Sockets Layer, and it’s job is to give you a secure connection that you can send and receive private data online without worry of it getting into the wrong hands. As it turns out, there has been a “breach” of sorts. The 3.0 version of SSL has a flaw within its design that allows the “plaintext of secure connections to be attacked by a network attacker.”. If your wondering what exactly this means, it means that if your using SSL 3.0, your connection, along with your data, is at risk to attackers. The bug is claimed to only effect this version of the SSL, but this version of SSL is also about 15 years old. It’s already been replaced many a time by TLS, which is basically the successor to SSL. TLS has come out with multiple versions as well, but many of the TLS versions are still compatible with SSL 3.0. This means that many of the internet browsers that you use can be attacked, since their TLS version might still work with SSL 3.0. Your data isn’t safe if that is the case.
Google Takes Care Of Their Users
We can thank Google for discovering this problem in the first place. They’ve even been kind enough to blog about it in their security blog. Google knows that there have been other attacks on Open SSL as well. Remember Heartbleed? Because of the fact that disabling the support of SSL 3.0 could cause some issues with compatibility, Google recently announced the support of TLS_FALLBACK_SCSV. This new TLS will stop SSL 3.0 from being used if a user tries to reconnect to a bad connection. Chrome, Google’s flagship browser, has supported the new TLS since February of this year and recently did testing to ensure that the security protocol was working correctly by not allowing the connection to be enabled by using SSL 3.0. As long as there is not fallback to that verson of SSL, in theory, Chrome users’ data and connections should be secure.
What About The Rest Of Us?
It would be wise for all of the other web browsers out there to follow suit with Google Chome. Luckily, there are a few browsers out there that get automatic updates. This could, in turn, stave off the SSL 3.0 problem all together. Browsers like Firefox, Internet Explorer, and even Apple’s Safari are expected to release updates, much like that of Google’s, to support the TLS_FALLBACK_SCSV protocol. While these updates should be coming soon (hopefully), that doesn’t mean that all of the websites you go to will still work. Certain websites might not work without the use of SSL 3.0, and for those sites, it’ll be up to the website’s developers to work out the code and fix the issue.
You shouldn’t have to worry about your connection and data privacy online, especially with all the other stresses of the world. If you use Google Chrome, then you’re first on the list to be saved. For those of us who use other browsers (I use Firefox), hopefully we will see our upddates within the next few weeks, if not sooner.
