End of SSL/Early-TLS Web Security June 30th Potentially Leaving Thousands of Sites Vulnerable to Beast and Poodle Vulnerabilities

The Internet is undoubtedly a complex entity that is made up of literally millions of websites, countless servers, data portals, and even cloud data storage units. The vastness of the Internet alone is enough to astonish the most polished rocket scientist in viewing its complexities and nearly endless amounts of data transmitted daily. The task of protecting data that shouldn't be put in the wrong hands has been an ongoing struggle for nearly as long as the Internet's existence and the implementation of older variations of security layers within websites will be coming to an abrupt end.

Older versions of SSL (Secure Sockets Layer) and early-TLS (Transport Layer Security), which hundreds of thousands of websites still utilize, will come to an end in its outdated form on June 30, 2018, for PCI DSS (Payment Card Industry Data Security Standard) compliance. Basically, sites that fail to meet the PCI DDS compliance can no longer accept credit cards or conduct monetary transactions.

SSL and TLS are common security layers utilized within web browsers that initiate a secure connection to transmit data. Fundamentally, TLS, which is an updated and more secure version of SSL, is a standard used in security certificates issued to websites, so they may encrypt data that is transmitted over the Internet. Sites using the older security layers will be vulnerable to popular vulnerabilities and will be forced to apply updated security certificates before they come under attack by known Beast and Poodle vulnerabilities.

Update now or face the Bite of the Beast and Poodle

The vulnerabilities that hundreds of thousands of websites utilizing security layers whose support will be shuttered on June 30, 2018, are dubbed Beast and Poodle. Beast and Poodle vulnerabilities are attack entities that target secured internet traffic leveraging outdated SSL/TLS certificates operations. Such security connections will cease to exist using updated web browser applications after the date of June 30, 2018 if sites wish to remain PCI DSS compliant.

The impact of Beast and Poodle will be seen on a new level after the June 30th date has passed, and sites that failed to apply updated SSL or TLS security certificates become vulnerable to an attack. In most cases, attacks leveraging the Poodle vulnerability will inject malicious JavaScript code to start an attack that initiates about 256 requests to uncover a single cookie character. Within those cookie characters, which will require several repeated requests to discover, hidden data can be revealed and collected by a cybercrook.

Most Sites will be fine, but few could be Culprits of Data Mishaps

Most websites today use TLS 1.2, which is an accepted requirement by many companies, governmental offices, and fortified outfits like banking institutions. Web browser application authors also have an obligation to assure their end-users of TLS 1.2 security connections versus outdated and nearly dead security layers. Unfortunately, users won't clearly identify outdated certificate sites or ones using the latest TLS level of security unless there is a clear identifier or method of verifying a secure connection within their web browser application. Fortunately for most, web applications do a good job right now of identifying established security connections, most often within the URL address bar. Some web browser apps have released updates to work around and mitigate the Beast and Poodle vulnerability issues. Though, utilizing an older or outdated browser may put computer users at risk.

Reportedly, by reviewing many Internet security sources, a large number of websites and services are finally ending their support for the outdated and nearly dead TLS 1.0 and 1.1, which were once found to be vulnerable to Poodle and Beast attacks in the past. The weakened security of older TLS and SSL variations have succumbed to many attacks since its introduction in 1999. The cryptography used in older TLS and SSL protocols has been abused many times over and its due time that websites put them to rest and start utilizing the latest TLS 1.2 version and later TLS 1.3, which will hopefully be released within the year to implement improved security measures for website encryption connectivity.

Computer users are strongly urged to pay special attention to their connection status to any website that they visit. It's especially important to verify a secure connection when using sites that transmit personal data, such as your banking website, government sites, and even social media networks like Facebook. After all, Facebook's recent data exposure debacle should be enough to scare computer users into verifying a secure connection with any website that they visit and relinquish personal information.