Our team has received multiple inquiries about our service’s compliance with GDPR. We answer these individually, but here’s a short-form of the types of questions that we answer.
Tag: Security
Deprecation of TLS version 1.0
For most people, it’s been looming about pretty silently over the past few years, but TLS v1.0, the oldest and earliest version of Transport Layer Security is considered deprecated. The Payment Card Industry (PCI) data security standard (DSS) version 3.2 from April 2016 recommends full deprecation by the end of June 2018.
In compliance with these standards, while originating from the payment card industry, widely regarded to as a guiding standard for other industries, Kolab Now has disabled support for TLS v1.0.
Why? What does that mean?
Announcing Service Windows: Reboot Weekend
As may have already been brought to your attention, some software mitigation is needed for vulnerabilities dubbed “Meltdown” (CVE-2017-5754) and “Spectre” (CVE-2017-5753, CVE-2017-5715).
If I were to summarize the issue with these vulnerabilities then in principle they would, when successfully exploited, allow reading memory that doesn’t belong to the process, the user or even the same operating system instance. In just that way, the Kolab Now infrastructure isn’t impacted.
However, we’re still going to need to patch this out. The only way we can is by updating software and rebooting systems, and this will happen during the weekend of Saturday January 13th and Sunday January 14th.
Continue Reading “Announcing Service Windows: Reboot Weekend”
Annual SSL Certificate Refresh
This is a reminder that our annual certificate renewal period is coming up soon. Usually, we have our certificates issued some time in December, and certificate issuers allow for a grace period up to some time in January. We’re now in that grace period, so our certificates are going to be renewed and cycled throughout our infrastructure.
Announcing Service Windows: Implementing 2FA
As we recently announced, we have pursued an opt-in second factor authentication feature on Kolab Now. As described, the implementation is limiting users to the web client, and this requires some reconfiguration of various servers and services.
Continue Reading “Announcing Service Windows: Implementing 2FA”
TOTP-based Two Factor Authentication Passed QA
In a previous blog post, I have told you about our experimenting with TOTP-based two factor authentication. It proves functional in the Cockpit and in the Web Client, so we’re preparing the promotion to production.
Continue Reading “TOTP-based Two Factor Authentication Passed QA”
Experimenting with TOTP Two Factor Authentication
We’re currently experimenting with an implementation of TOTP-based 2 factor authentication, allowing our customers to use a second factor.
Until now, Kolab Now required its users to supply a username and a password. This is considered only a single factor, since the username is your email address and thus known to third parties.
Continue Reading “Experimenting with TOTP Two Factor Authentication”