This blog post is about a security update that is on the horizon for Volgistics. Before we tell you about the update, though, a little background information is in order. So hang on and we’ll get to the information you need in a little bit. (If you’re the tech-savvy type and want to jump ahead, go to the What’s Going to Happen? and Extra Considerations for VicNet and VicTouch sections below.)
Have you ever wondered why some websites have a little padlock icon in the URL address? Basically, the lock shows that the website you’re connecting with is secure. One thing this means is that the information you send to the website, and receive back, is encrypted during transit. This means even if it is intercepted, it will be a bunch of meaningless gobbledegook to the people who grabbed it.
Transport Layer Security (TLS) is the offshoot of Secure Sockets Layer (SSL) and is one of the methods used to encrypt your information so it is safe as it travels back and forth over the Internet. As with anything valuable, the hackers are always trying to find vulnerabilities in TLS so that they can gain access to your information. Because of this, new versions of TLS are released from time to time as vulnerabilities are exposed in the old versions. This ensures that your information is still safe as long as the newer versions are used.
What’s Going to Happen?
Which brings us to what this blog post is about! Experts have found vulnerabilities in TLS versions 1.0 (1999) and 1.1 (2006) and these vulnerabilities mean that hackers could intercept your information if you do not use a more recent version. To prevent this, Volgistics will require TLS 1.2 for connections to the system after October 15, 2017.
For the vast majority of Volgistics account holders, this will not require any action because most likely you are using an up-to-date web browser that has TLS 1.2 enabled. Or, if action is required, it will be minor such as updating to a new version of your web browser, or making a change to the browser’s settings. If you have any doubts, a quick visit to https://www.ssllabs.com/ssltest/viewMyClient.html will let you know if you have TLS version 1.2. Here is how the section of the website that has to do with TLS will look if everything is okay:
If you visit the website and TLS 1.2 does not show, the easiest fix is to contact your IT team if you have that luxury. If you do not have an IT team, send us an inquiry telling us 1) the device you’re using (desktop computer, laptop, tablet, etc.), 2) the operating system on the device, and 3) the web browser with the version number you’re using. With this information, we will be able to let you know what to do to be ready for the change.
Extra Considerations for VicNet and VicTouch
Now that you’ve made sure that you will still be able to access the system, you should consider the VicNet and VicTouch modules if you use these.
VicNet. The VicNet module is designed to give volunteers and Coordinators access to the system from computers and devices with Internet access. Checking if the change will cause any issues here will be difficult because you do not know what computers or devices the volunteers and Coordinators are using. In most cases, the change should not cause a problem for VicNet access, or if it does, simple updates to the device or web browser should correct the issue.
The information Volgistics has on VicNet use shows that there is a small percentage of users who still have the Windows XP operating system, or an Android tablet with an older operating system (version 4.4 (KitKat) or older). These are the people who are most likely to report that they cannot access VicNet. These users will need to use the Chrome or Firefox web browsers, or upgrade their equipment, in order to access VicNet. From the usage information we have gathered, not many VicNet users will be impacted, so it may be easiest to wait to see if users report a problem and then let them know what they’ll need to do.
VicTouch. The VicTouch module is designed to be used as a sign-in station where volunteers clock-in and clock-out when they arrive and depart. You can update this area before October 15, 2017 so you can be ready for the change ahead of time. If you have an IT department available, the easiest approach will be to contact them and let them know that support for TLS 1.0 and 1.1 will be deprecated as of October 15th. They should be able to check if the computers or tablets you use for your VicTouch stations can connect with TLS 1.2. If you do not have an IT team available, the information below will be useful.
From the analytical information we have, the most affected VicTouch connections will be from Android tablets with version 4.4 (or older) operating systems. Android referred to version 4.4 as KitKat, if this helps. The quickest way to see if your device will allow connections with TLS 1.2 is to exit VicTouch and then visit https://www.ssllabs.com/ssltest/viewMyClient.html. You can see an example of how a good connection looks in the What’s Going to Happen? section above.
If you visit the website and it shows you do not have the ability to use TLS 1.2, try using Chrome or Firefox as the web browser instead of the Android browser that comes pre-installed on the tablet. If neither Chrome nor Firefox is currently installed on the tablet, you will need to download one of them from the app store.
If you are not able to use Chrome or Firefox to connect with TLS 1.2 on the computer or device you have, you will need to upgrade your equipment in order to connect with Volgistics after October 15, 2017.
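For IT staff checking a station: a server can only negotiate TLS 1.2 if the client's ClientHello offers it, so this added example (not Volgistics code) parses a ClientHello record and reports the protocol versions it offers. It runs offline on a hello generated in memory by the local Python `ssl` module and on a constructed TLS 1.1 sample; `station.example` and the function names are assumptions made here.

```python
import ssl

def local_client_hello(max_version=None):
    """ClientHello record that this machine's Python/OpenSSL stack would send."""
    ctx = ssl.create_default_context()
    if max_version is not None:
        ctx.maximum_version = max_version
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "station.example" is a placeholder name; nothing is sent over the network.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="station.example")
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: no server reply is ever fed in
    return outgoing.read()

def offered_versions(record):
    """Protocol versions a ClientHello offers, as wire values (0x0303 = TLS 1.2)."""
    # Without a supported_versions extension only the client's highest version
    # (legacy_version) is known, so that single value is returned.
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    body = record[9:5 + int.from_bytes(record[3:5], "big")]
    try:
        legacy = int.from_bytes(body[0:2], "big")
        pos = 2 + 32                                         # legacy_version, random
        pos += 1 + body[pos]                                 # session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + body[pos]                                 # compression_methods
    except IndexError:
        raise ValueError("truncated ClientHello") from None
    pos += 2                                                 # extensions length
    while pos + 4 <= len(body):
        ext_type = int.from_bytes(body[pos:pos + 2], "big")
        ext_len = int.from_bytes(body[pos + 2:pos + 4], "big")
        data = body[pos + 4:pos + 4 + ext_len]
        if ext_type == 43 and data:                          # supported_versions
            return [int.from_bytes(data[i:i + 2], "big")
                    for i in range(1, 1 + data[0], 2)]
        pos += 4 + ext_len
    return [legacy]

def offers_tls12(record):
    return 0x0303 in offered_versions(record)

# Constructed sample: a client whose highest version is TLS 1.1 (0x0302), no extensions.
_body = b"\x03\x02" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
_hs = b"\x01" + len(_body).to_bytes(3, "big") + _body
LEGACY_HELLO = b"\x16\x03\x01" + len(_hs).to_bytes(2, "big") + _hs
```

The same parser can be pointed at a ClientHello record captured from a station's browser, which is the stack that actually connects to VicTouch.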
Please submit a help inquiry if you have any questions about the requirement to connect with TLS 1.2, and we’ll be happy to assist you.