POODLE Internet Vulnerability
At Community 1st Bank we take your security very seriously. We are taking action to protect you against this latest security threat, and providing these answers to frequently asked questions to help you understand how POODLE could affect you -- not just on our website, but throughout the internet. If you use Internet Explorer 6 or older, please be sure to refer to the special instruction at the bottom of this page to ensure you can access our site after November 5th.
What is POODLE?
POODLE is a recently recognized bug within web browsers (i.e., Firefox, Chrome, Internet Explorer, etc.) that could make someone vulnerable to an attack by a cyber-criminal.
Why the name POODLE?
It is a technical acronym that stands for Padding Oracle On Downgraded Legacy Encryption, which describes the vulnerability danger.
How does someone fall victim to a POODLE attack?
The two most likely scenarios are: 1) they are tricked into visiting a malicious website, such as clicking a link within a spam email; 2) they utilize a shared internet gateway, such as a WiFi system at a coffee shop, where a cyber-criminal inserts themselves between the user and the websites they visit. Though, any "man in the middle" attack scenario, such as compromising their home network, could be a gateway to a POODLE attack.
How likely is someone to fall victim to an attack via POODLE?
No one knows for sure. The general consensus among the security industry is this threat is not particularly high. Presently there are no reports of a POODLE attack. It is, at this point, merely a known vulnerability that an attacker could exploit. Keep in mind, there are a lot of methods an attacker could utilize to initiate an attack. Safe web browsing is always recommended to help protect yourself.
How does it actually work?
There are a lot of highly technical explanations available online; here is a high-level summary. Web browsers, websites, and servers use encryption to make online forms and logins safe. These technologies are often updated for improvements and added security. But web browser updates sometimes allow for "backward compatibility," meaning the browser could revert to an earlier version in the event a particular website can't support the update yet. An attacker could force a user's web browser to revert back to a much earlier version of encryption technology that the attacker now knows how to penetrate.
Is my web browser going to create a new update to protect against POODLE?
Yes. All browsers are working on updates. Many industry experts cite late November as a target date, though an exact timeframe may not be available depending on which browser you use. Unless you have selected to not accept automatic updates from your web browser, the update should happen automatically.
What is Community 1st Bank doing to protect me against POODLE?
We are deploying a security measure on November 5th that will prevent our website from working when the earlier version of encryption technology is being used. This means that if an attacker uses this POODLE vulnerability while you are visiting our site and forces your browser to use the old encryption technology, our website won't respond.
Does this mean I wouldn't be able to see or visit your website?
Correct. If you were attacked, you wouldn't be able to see our website. This is to prevent the attack from being successful. It would be much better for you to be unable to visit our site temporarily than to allow a cyber-criminal access to your online banking account. In the rare likelihood that this scenario occurs, please contact us and we can help you regain access to our website.
If this is a threat, why are you waiting until November 5th?
The threat isn't especially severe, and there are no reports of POODLE being utilized. Thus we have weighed mitigating factors into our deployment date. First we need to ensure there are no unwanted bugs that occur when deploying this solution. We are always diligent to ensure your security and convenience in using our online channels. We are also giving our account holders that use the browser Internet Explorer 6 the opportunity to see this message and update their browser. Once we deploy this fix, these users will no longer be able to see our website if they do not update.
Special Instructions If You Use Internet Explorer 6 or Older on a Windows XP Operating System
To continue to access our website after November 5th you must update your browser. Step-by-step instructions are available at this website:
Internet Explorer 6 (IE6) is a very old web browser that is well known to be among the least secure browsers available. Even Microsoft, the company that creates Internet Explorer, has been urging its customers for many years to no longer use IE6, and has discontinued support of it.
Why won't IE6 continue to work after November 5th while other web browsers will?
Because IE6 was created in 2001 and is not able to utilize security technologies that have been developed since then.
Will it just be your website that I won't be able to use?
No. A large number of companies are deploying this same measure. It is important for you to update to a more modern browser. Otherwise it is likely that you will not be able to utilize much of the internet. If you are still using the Windows XP operating system (also no longer supported by Microsoft), the most modern version of Internet Explorer you can update to is IE8, originally created in 2009. Alternatively, you could choose to use a more modern version of another browser, such as Firefox or Chrome.