Skip to content

Nelnet Improving Website Security to Avoid POODLE Vulnerability

November 14, 2014

Google recently reported a vulnerability in SSLv3, an online security protocol that encrypts a website user’s data to keep it secure. The vulnerability, known as Padding Oracle on Downgraded Legacy Encryption (POODLE), allows attackers to get past this security and access a user’s account without a password.

If no action was taken, POODLE could potentially affect any portion of our websites that requires a login and supports SSLv3, such as online borrower accounts and Nsight Plus. We want to reassure you that Nelnet is quickly taking necessary steps to protect you and your students. Here’s how:

  • We have made the decision to stop supporting SSLv3.
  • We have notified critical vendors of our decision to stop supporting SSLv3.
  • We are identifying all applications that could be affected by POODLE.
  • We are finalizing a plan to disable SSLv3 and ensure that more advanced security protocols are supported throughout Nelnet.

Our current timeline for these changes is targeted for November 25, 2014. You and your students will not see anything different when accessing our websites unless you have a very outdated browser (ten years or more). In that case, you will be redirected to a warning page that explains the danger of continuing and recommends upgrading to a more current browser version.

For more information, you can visit:

If you have further questions, feel free to fill out our contact form.

 

Kristin Tobias, Communications Coordinator, Nelnet

Kristin Tobias, Communications Coordinator, Nelnet

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: