Critical Update - 10 June 2015
What is the Critical Security Update included in V3.3.638?
As of 16 June 2015, Silhouette offered a new software version (V3.3.638) in order to provide a Critical Security Update as required by the credit card industry (see bulletin here). This update changes the way that information is transferred from secure web pages through the Silhouette Design Store. Previously, the software was using an SSL security protocol. Recently, this SSL security protocol was declared to be vulnerable and is no longer deemed secure or acceptable by credit card companies.
The new version uses the TLS protocol to send data to the Silhouette Design Store, which offers proper data security. The update only affects the Silhouette Design Store and its security, as well as securely transferring information when upgrading the software with a license key.
Why is it necessary?
We are required by credit card processing companies to ensure proper data encryption. Otherwise, they do not allow us to accept payment and subsequently we would no longer be able to offer access to the Silhouette Design Store.
However, it is not just credit card information that is potentially vulnerable and in need of protection. It also includes things like your username and password each time you log in. For users who may share the same password for other websites and accounts, this unlocks the door for a hacker to gain access to other accounts that they use apart from the Silhouette Design Store.
What does this mean for anyone using an older software version?
Older versions of the software will continue to function properly for all areas aside from a) being able to access and download content from the Silhouette Design Store, and b) the ability to apply new license keys to upgrade the software
NOTE: This does not affect license keys that have already been applied. It only prevents license keys from being able to be sucessfully applied or re-applied going forward if the latest software update is not applied.
When do I need to run the update?
You may run the update at any time. There is no deadline by which you are required to run the security update. This update will continue to be available going forward in this and all further future updated versions.
Again, the software will continue to operate properly aside from the noted functions above (downloading and license key application). If you are unable to access or run the update immediately, you will be able to run it later at your convenience.