Dear Wikidot Users,
on Tuesday, October 14, 2014, the Google research team released details on a new form of attack on the SSL protocol — the one that underlays the secure connections over https://. It's called POODLE (Padding Oracle On Downgraded Legacy Encryption) and it targets CBC ciphers in SSLv3. Is it serious? Yes.
An attacker can perform a man-in-the-middle attack, force a fall-back to SSLv3 (which is an old, almost legacy protocol) and de facto decrypt "secure" client-server transmission. The attacker must however place himself between the client and the server, e.g. acting as a WiFi access point, or gain access to routers or gateways. It's not that uncommon as you think.
The general recommendation is not to use the vulnerable SSLv3 and completely remove it from the supported protocols.
At Wikidot we have already pulled SSLv3 from all our servers — all our load balancers and all standalone web servers. It should not affect anything from the user perspective, but it greatly improves the security. Want to verify? Try this tool and enter your site URL (or just www.wikidot.com).