RGP Fights Poodle Security Threat



On Wednesday Rock Gym Pro blocked access to their software from computers using older versions of Microsoft’s Internet Explorer web browser. The change was in response to news of a security flaw dubbed POODLE found in an outdated but still commonly used security tool used to encrypt traffic between a browser and a web site.

Earlier in the week researchers at Google had released a paper detailing the vulnerability. Computers using older versions of Internet Explorer browser (version 7 and older) could allow someone on the same network, such as a public wi-fi connection, to access and decrypt their web data.

RGP founder Andy Laakmann told CBJ that the POODLE vulnerability did not put any information on RGP servers at risk, nor did the flaw make it possible to access credit card transaction data.  “At risk were those end-users of the RGP booking system or waiver system who were interacting with those services on public networks using the outdated browsers,” he said. “Any data transmitted over those public networks was exposed via the vulnerable encryption technologies before arriving at RGP’s web servers.”

In an email communication to customers RGP advised everyone still using old systems to upgrade to Service Pack 3, which will force an upgrade to Internet Explorer 8. They also urged customers still running Windows XP, which was released almost ten years ago and is no longer supported by Microsoft, to invest in new computers.

While POODLE’s impact appears limited, other recent security flaws like Heartbleed and Shellshock, combined with ever increasing numbers of credit card hacks, have highlighted the importance of keeping computer systems up to date.