|Posted: November 3, 2014, 6:28 pm - IP Logged|
I have just completed some upgrades to security at Lottery Post. Most people will not notice any difference, but some users of very old operating systems or browsers may be impacted.
I apologize in advance if you're allergic to "techno-babble". In any discussion of Internet security there's really no way to get around it. I'll try to be descriptive, while still including the technical details.
There are two main upgrades that have been completed.
First, older SSL security protocols have been disabled. Security protocols are the way that your browser communicates with Lottery Post when you are using a secure connection — when the address (URL) starts with "https://". This is used for pages like the Log In page, so that your password is securely passed over the Internet.
Recently researchers working for Google determined that there is a major design flaw in an older protocol called SSL 3.0. (You may have heard about it, called the POODLE attack.) Because it is a design flaw in the protocol itself, there is no way to issue a patch to the operating system to fix it. The only fix is to disable the protocol itself. So that's what I have done at Lottery Post.
For most people, you would never know that I disabled it. All modern Web browsers can use a different, more recent protocol called TLS (Transport Layer Security), which does not have any known security risks.
The only browser which users will notice a problem is Internet Explorer 6 (IE6). For users of that browser (and frankly nobody should be using it anymore!) it is not configured by default to use TLS, so you'll have to enable it yourself. I have prepared a simple instruction guide to do it.
The second security change is that I have upgraded the type of security certificate used at Lottery Post to a more secure type, using something called SHA256.
Researchers have determined that an older type of certificate (using SHA1) has flaws, and the industry is working to eliminate the use of older SHA1 certificates. In fact, Microsoft and Google have issued statements that by 2016, SHA1 certificates will not even be permitted within their Web browsers. (Google is taking an even more strict approach, "outlawing" them within Google Chrome in 2015.)
Like the first change, most people will notice no difference in the way anything works or operates. The only people who will have a problem is users of very old mobile devices and Windows XP users who do not have Service Pack 3 installed.
So, if you have Windows XP and you have a problem with a secure page at Lottery Post (or USA Mega), simply apply Microsoft's Windows XP Service Pack 3 (a free download), and you'll be good to go.