Archive for December, 2017

Annual SSL Certificate Refresh

Posted on: December 28th, 2017 by

This is a reminder that our annual certificate renewal period is coming up soon. Usually, we have our certificates issued some time in December, and certificate issuers allow for a grace period up to some time in January. We’re now in that grace period, so our certificates are going to be renewed and cycled throughout our infrastructure.

> Continue Reading

Recursion Violation: A 2nd 2nd Factor

Posted on: December 12th, 2017 by

A second factor protects your account, but to such extent that if you loose the one device you are normally using, you will have lost access to your account. Hence, we’re going recursive and get you a second second factor (22FA, 2FA^2).

Here’s the process;

  1. Create a first second factor and call it your Secondary.
  2. Take a picture or screenshot of the QR code, so that you can print it and store it offline, some place safe.
  3. Continue with enabling the first, but secondary, second factor and type the validation code so you know everything works.
  4. Create a new second factor, and confirm the high-security with your Secondary.
  5. Call the new factor Primary; this will be the one you keep on your phone, and use in your day-to-day.
  6. In order for this token to be scanned, you’ll have to remove the Secondary from your device.
  7. Continue with the process of getting your primary second factor on to your device.
  8. Log out.
  9. Lose your phone.

Help! Now what?

  1. Buy a new phone.
  2. Add back your secondary second factor using the piece of paper stored safely offline.
  3. Log back in using this backup TOTP-based second factor.
  4. Go to your settings and remove the primary token; you’ll need to confirm it using your secondary.
  5. Add a new factor and call it New Primary.
  6. Remove the secondary from your phone.
  7. Continue with adding back a primary token and enjoy your new token!

Simple, right? Nothing to it. Too easy.

Incident Report: DNSSEC record expired

Posted on: December 10th, 2017 by

On Saturday morning (CET) the DNSSEC records expired on one of our DNS servers. This caused a group of customers to have troubles logging in and connecting to Kolab Now services. The record has been renewed and all customers should have access (at 22:49 CET – Please read below).

> Continue Reading

PGP encryption for Kube

Posted on: December 5th, 2017 by

Secure and confidential communication is an important requirement for a society, and something, I think, we should provide to as many people as possible.
A popular mechanism to achieve this is to use public-key cryptography, which allows a person to encrypt a message to a persons key, so that only the intended recipient can decrypt the message. This means that even if an attacker would get his hands on the encrypted message, without the key, it’s only useless gibberish.

As one of the primary usecases of Kube is communication, it should also support you in doing so in a secure and confidential fashion.

> Continue Reading