On Wednesday Rock Gym Pro blocked access to their software from computers using older versions of Microsoft’s Internet Explorer web browser. The change was in response to news of a security flaw dubbed POODLE found in an outdated but still commonly used security tool used to encrypt traffic between a browser and a web site.
Earlier in the week researchers at Google had released a paper detailing the vulnerability. Computers using older versions of Internet Explorer browser (version 7 and older) could allow someone on the same network, such as a public wi-fi connection, to access and decrypt their web data.
RGP founder Andy Laakmann told CBJ that the POODLE vulnerability did not put any information on RGP servers at risk, nor did the flaw make it possible to access credit card transaction data. “At risk were those end-users of the RGP booking system or waiver system who were interacting with those services on public networks using the outdated browsers,” he said. “Any data transmitted over those public networks was exposed via the vulnerable encryption technologies before arriving at RGP’s web servers.”
In an email communication to customers RGP advised everyone still using old systems to upgrade to Service Pack 3, which will force an upgrade to Internet Explorer 8. They also urged customers still running Windows XP, which was released almost ten years ago and is no longer supported by Microsoft, to invest in new computers.
While POODLE’s impact appears limited, other recent security flaws like Heartbleed and Shellshock, combined with ever increasing numbers of credit card hacks, have highlighted the importance of keeping computer systems up to date.
Climbing Business Journal is an independent news outlet dedicated to covering the indoor climbing industry. Here you will find the latest coverage of climbing industry news, gym developments, industry best practices, risk management, climbing competitions, youth coaching and routesetting. Have an article idea? CBJ loves to hear from readers like you!