Posts Tagged ‘Security’

Our Annual Certificate Refresh

Posted on: January 16th, 2020 by

Our annual certificate refresh is upon us.

Our statistics for 2019

Posted on: January 3rd, 2020 by

Our terms of service state there’s basically no way for anyone to get any access to your data without us also being able to talk about the fact it happened, and further down, nested in our legal framework outline, we have a list of 3 general types under which individual requests could be filed.

Like the last time we declared having made a full eclipse around the sun at an arbitrary date, here are our statistics for 2019.

Security Incident: Involuntary Information Disclosure

Posted on: August 22nd, 2019 by

Earlier today, we received a report that the web client may inadvertently disclose the so-called common name of accounts within the same domain name space.

Our statistics for 2018

Posted on: December 31st, 2018 by

Our terms of service state there’s basically no way for anyone to get any access to your data without us also being able to talk about the fact it happened, and further down, nested in our legal framework outline, we have a list of 3 general types under which individual requests could be filed.

I recall that some place, we also promise to at least publish the statistics. I don’t recall where, but I seem to remember we have. In any case, here’s our summary for 2018.

Annual TLS Certificate Refresh

Posted on: December 28th, 2018 by

Our annual certificate refresh is coming up, with our TLS certificates expiring annually in January. December is included for a reasonable grace period, because services will need to be switched over, which costs time.

Short-Form GDPR Compliance

Posted on: May 18th, 2018 by

Our team has received multiple inquiries about our service’s compliance with GDPR. We answer these individually, but here’s a short-form of the types of questions that we answer.

Deprecation of TLS version 1.0

Posted on: May 9th, 2018 by

For most people, it’s been looming about pretty silently over the past few years, but TLS v1.0, the oldest and earliest version of Transport Layer Security, is considered deprecated. The Payment Card Industry (PCI) data security standard (DSS) version 3.2 from April 2016 recommends full deprecation by the end of June 2018.

In compliance with these standards, which originate from the payment card industry but are widely regarded as a guiding standard for other industries, Kolab Now has disabled support for TLS v1.0.

Why? What does that mean?

Announcing Service Windows: Reboot Weekend

Posted on: January 8th, 2018 by

As may have already been brought to your attention, some software mitigation is needed for vulnerabilities dubbed “Meltdown” (CVE-2017-5754) and “Spectre” (CVE-2017-5753, CVE-2017-5715).

If I were to summarize the issue with these vulnerabilities, then in principle they would, when successfully exploited, allow reading memory that doesn’t belong to the process, the user or even the same operating system instance. In just that way, the Kolab Now infrastructure isn’t impacted.

However, we’re still going to need to patch this out. The only way we can is by updating software and rebooting systems, and this will happen during the weekend of Saturday January 13th and Sunday January 14th.

Annual SSL Certificate Refresh

Posted on: December 28th, 2017 by

This is a reminder that our annual certificate renewal period is coming up soon. Usually, we have our certificates issued some time in December, and certificate issuers allow for a grace period up to some time in January. We’re now in that grace period, so our certificates are going to be renewed and cycled throughout our infrastructure.

Announcing Service Windows: Implementing 2FA

Posted on: October 11th, 2017 by

As we recently announced, we have pursued an opt-in second-factor authentication feature on Kolab Now. As described, the implementation limits users to the web client, and this requires some reconfiguration of various servers and services.
