In response to questions concerning the POODLE vulnerability, we want to give a detailed explanation of how you could be affected.
The POODLE vulnerability is a client attack, not a server attack. As such, it does not pertain to any of the Passageways products, including the Board Portal, though it could conceivably be exploited against clients accessing a portal. A successful attack would give the attacker credentials to log into the portal, and in that sense it could be used to gain access to data inside the portal.
The most important thing to note about POODLE is that it only pertains to very specific environments, the most likely of which is a malicious Wi-Fi connection. The attacker must be able to inspect the data going to and from the client, which means they must have special privileges inside that network. So if you are in the habit of joining an unknown Wi-Fi network and then logging into a portal, you are at risk of attack, which in turn threatens the security of the portal.
Since this is a client-directed attack, solutions on the server side are a bit murky. The vulnerability is part of the SSL 3.0 protocol used for secure communication with a website, and your provider may offer patches that address this issue. Before the POODLE vulnerability was discovered, the default setting for secure websites hosted via IIS allowed SSL 3.0 connections. An alternative is to disable SSL 3.0 support on the portal server entirely. It is strongly recommended that you disable all protocols except TLS on the server hosting the portal, as well as on all client machines. (Disabling SSL on the server is sufficient to secure the portal, but since this is a client vulnerability, disabling SSL on client machines will also prevent security issues with other websites.) TLS is the newer protocol; it is preferred to SSL 3.0 and is not vulnerable to the same attack. Disabling SSL may result in connection problems for some users, as SSL is the fallback protocol, so if TLS fails, you will not be able to connect.
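One way to carry out the change described above on a Windows machine, shown as an added example rather than a Passageways-supplied script: it reports the Schannel registry state for SSL 2.0 and SSL 3.0 and, when run with the hypothetical -Apply switch, disables them. It assumes an elevated PowerShell session on the IIS server or client machine.

```powershell
# Added example, not Passageways code. Audits and optionally disables
# SSL 2.0 / SSL 3.0 in Schannel, the Windows TLS stack that IIS uses.
param([switch]$Apply)   # hypothetical switch: without it the script only reports

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0'
# Server = inbound connections (IIS). Client = outbound Schannel clients such as
# Internet Explorer; browsers with their own TLS stack are configured separately.
$roles = 'Server', 'Client'

function Get-SchannelState {
    param([string]$Path)
    # A missing key or value means the OS default applies, which per the
    # article allowed SSL 3.0 on IIS before POODLE was discovered.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.Enabled) { return 'OS default' }
    if ($props.Enabled -eq 0) { return 'Disabled' }
    return 'Enabled'
}

$report = foreach ($protocol in $protocols) {
    foreach ($role in $roles) {
        $path = Join-Path (Join-Path $base $protocol) $role
        $before = Get-SchannelState -Path $path
        if ($Apply -and $before -ne 'Disabled') {
            # Create the key only if absent so existing values are preserved.
            if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
            New-ItemProperty -Path $path -Name 'Enabled' -Value 0 `
                -PropertyType DWord -Force | Out-Null
            New-ItemProperty -Path $path -Name 'DisabledByDefault' -Value 1 `
                -PropertyType DWord -Force | Out-Null
        }
        [pscustomobject]@{
            Protocol = $protocol
            Role     = $role
            Before   = $before
            After    = Get-SchannelState -Path $path
        }
    }
}
$report | Format-Table -AutoSize
if ($Apply) { Write-Host 'Restart the machine for Schannel to pick up the change.' }
```

Run it once without -Apply to see the current state, and check that your users' browsers have TLS enabled before applying it on the portal server.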
In summary, this is a client vulnerability, not a server one. There may be security patches available, which should be installed immediately, as usual. Customers can also disable SSL 3.0 to ensure no clients connecting to the portal are vulnerable, but that may cause connectivity issues. All modern browsers support the TLS protocol, but could theoretically be configured not to use it. If a user in that state attempts to connect after you disable SSL 3.0 connections to the server, they will not be able to connect to the portal.
As a reminder, never, ever, connect to an unknown Wi-Fi network!
If you have any questions, don't hesitate to contact our support team by emailing firstname.lastname@example.org or calling 765-535-1880 opt. 1.