• ARRL Updating its Website Security Software

    From ARRL de WD1CKS@VERT/WLARB to QST on Wed Oct 3 21:12:27 2018
    10/03/2018

    The ARRL website will update its security software on Monday, October 15 to meet standards required to continue accepting credit cards for internet purchases.

    "For the vast majority of our members, there will be no impact other than a guarantee of better security when logging into and making purchases on the ARRL website," said ARRL Headquarters IT Department Manager Mike Keane, K1MK. "Only those using old browsers or outdated operating systems will encounter a browser error message when trying to log in or make a purchase on the website."

    These browsers are among those that are safe to continue using:


    o Google Chrome 30 or higher (version 40 or higher recommended)
    o Mozilla Firefox 27 or higher (version 34 or higher recommended)
    o Microsoft Internet Explorer 11 or higher
    o Apple Safari 7 or higher (Safari 5 or higher on mobile)
    o Microsoft Edge, all versions
    o Opera 17 or higher (version 27 or higher recommended)

    The vast majority of our website users will not have to take any action. Most modern browsers and operating systems will not be affected by the change, as they already support the new security standards. If you are affected, go to your browser vendor's website and download an up-to-date version of your browser.

    To check if your browser will be affected by this change, you can use the site How's My SSL?[1] This will advise you of your browser's version.

    The Deeper Dive

    In order to comply with PCI Security Standards Council requirements, all payment processors, merchants, service providers, and other stakeholders must use TLS 1.1 or higher to ensure the transmission and receiving of secure communications. TLS is a cryptographic protocol that provide authentication and data encryption between different endpoints (e.g., a client connecting to a web server). On October 15, ARRL will disable support for the outdated TLS 1.0 protocol.

    ARRL is making this change to ensure that we are adhering to best industry practices, thereby providing our members, our clients, and other website visitors with a higher level of security for their browsing sessions.

    For the vast majority of our members, there will be no impact other than a guarantee of better security when logging into and making purchases on the ARRL website. Visitors seeing an error message need to update their browsers to a version that supports TLS 1.1 or higher.

    "This the same thing that every other website that requires a username and password or accepts credit cards is doing or has already done," Keane said. "We're meeting an industry security standard."ÿ ÿÿ


    [1] https://www.howsmyssl.com/

    ---
    þ Synchronet þ Whiskey Lover's Amateur Radio BBS