First identified during the week of October 13, 2014, POODLE (which stands for "Padding Oracle On Downgraded Legacy Encryption), is the term used to describe the security vulnerability in the SSL Version 3 cryptogram (i.e. SSLv3). This version is used by older Internet browsers specifically Internet Explorer (IE) 6. This vulnerability could allow hackers to gain access to any connection using this outdated Web browser.

The good news, most online shopping carts do not use this old technology within their solutions and therefore POODLE will only affect solutions that are older and use SSLv3. That being said, many internet providers are still making changes to their systems to ensure the proper security measures are in place.

Microsoft announced that SSL 3.0 will be disabled in the default configuration of Internet Explorer and across Microsoft online services over the coming months. In addition, many Internet service providers including payment gateway, Authorize.Net, are working on deprecating or disabling SSLv3 in their systems to prevent any exploits of the vulnerability. This is said to take effect as early as November 4, 2014. This means that if your website or shopping cart solution uses SSLv3 to send secure transactions, you will no longer be able to process them. You will also no longer be able to access any secure pages from IE6.

If you are not using SSLv3, then you will not be affected by the change on November 4th. To best determine if this affects your business, we recommend contacting your site host or solution developer to determine if you are using SSLv3 to submit transactions.

More FAQ's about POODLE are available here

Test your server against the POODLE vulnerability here

Information on how to apply the patch is available here