A while ago we received an email from Amazon stating that someone had recently tried to access one or more MRIC videos that are hosted on S3 using a browser that is configured to use SSLv3.
To give you some perspective on this…SSLv3 was introduced in 1996. It was replaced by TLS in 1999.
We are also told that the most recent browser that is configured to use SSLv3 is IE 6, which was replaced by IE7 in 2006.
All this means that someone is using a very old browser. Normally we would assume that all MRIC members are at least active enough online to have browsers that don’t date back to 2006, but we did get the message, so decided to let you in on this, in case you are affected…
My understanding of all this is quite limited, but in essence, what happened is that about a year ago they discovered that hackers were using an attack which they call POODLE (standing for Padding Oracle on Downgraded Legacy Exception).
When data is sent to a server and is encrypted using SSLv3, it is divided into blocks. There have to be a certain number of blocks, and if the transmission doesn’t have the correct number, there is padding added. Using a method which is quite involved, a hacker can figure out the code in the padding, and this enables him to impersonate his victim. He can then access the victim’s online accounts.
It is not an easy thing to do, so the chances of it happening to any one person are small. Even so, Amazon has decided to discontinue support of the SSLv3 altogether.
So, what does all this mean to you, fair MRIC member?
This is going to happen on May 20, 2015. So, if you try to access any of our videos on or after that date and are unable to do so, the first thing you need to do is make sure your browser is up-to-date. If it is, please open a support ticket and send Anne a description of what you are experiencing.
We have been assured that the players we are using are not an issue and that if anyone is having trouble it means that their browser is outdated.
If you are a geeky-type and need a better explanation, you might start with this video:
SSLv3 Poodle Vulnerability (CVE-2014-3566): Description and High-Level Mechanics
It seems to give a relatively thorough explanation and uses very few 5-dollar words.
If you like this lesson (and are not already a member of the Marketing Rebel Insider's Club), you will be glad to know that there is a vast library of small business marketing lessons and training programs just like this...
...including:
David’s Deutsch’s Advanced Copy & Marketing Tips (previously only shared with members of his Inner Circle)
Hot Seat Seminars and Copywriting Sweatshops (You’ll watch John Carlton and his team of experts break down business and marketing problems and assemble profitable campaigns and business models on the fly.)
John Carlton’s Most Successful Ads (One of the best ways to shorten your learning curve is to study someone who's been there and done that.)
Priceless Interviews (Listen in as David gets some of the biggest names in copywriting and marketing to share their best tips and strategies.)
Million Dollar Marketing Secrets (Every month, MRIC members get a masterclass in one of the strategies that David Deutsch has identified as the most effective — full of specific techniques and examples.)
The Scuttlebutt Sessions (These unrivaled recordings include Carlton's classic conversations on marketing and living life deep with some of the most successful marketers of the past 20 years.)
...plus a private Facebook-like chat stream where you can get answers to all of your
questions about marketing tools and techniques, small business growth, and life as an entrepreneur...
...which is only available to members of the
Marketing Rebel Insider's Club.
You can access all of this immediately for less than $1/day.
You will see for yourself why our members love this online club so much...
... and why they don't invest in marketing tools or strategies without first checking in with The Club.
Click Here to start your membership today.
MarketingRebelClub.com
We'll see you on the inside...
Stan Dahl & The Marketing Rebel Team