The Google Security Team recently discovered an SSL 3.0 (SSLv3) fallback security exploit called POODLE (Padding Oracle On Downgraded Legacy Encryption). Through this exploit, an attacker could take over an encrypted session between a browser and a server that supports SSLv3. First, the good news: SSLv3 is an older encryption method. It is only used by a very small percentage of web browsers today such as Internet Explorer 6. Now, the second piece of good news: The solution for fixing this problem quickly is to disable support for it altogether. And that’s just what we have done for Kashoo. To reiterate: Kashoo has disabled SSLv3 support. So what does that mean for you? Ultimately, nothing, unless you use an older web browser such as Internet Explorer 6 (which Kashoo does not even actively support). If you fall into that camp, we highly recommend that you either update to a new version of Internet Explorer or consider a different browser (i.e., Safari, Chrome, or Firefox). Rest assured, your data is safe and your Kashoo experience shouldn’t miss a beat. If you have any questions or concerns, please contact the Kashoo Support desk.
