Samepage.io is protected against OpenSSL Heartbleed vulnerability
April 11, 2014
Samepage released a patch to protect against the OpenSSL vulnerability on April 8, 2014. Kerio advises all of its customers to change their passwords and revoke SSL certificates.
On Monday, April 7, 2014 a security engineer at Google and a team of researchers at Finnish security company Codenomicon Ltd. uncovered a serious vulnerability in OpenSSL. The vulnerability is now known as Heartbleed. OpenSSL encrypts communication between your computer and the server and is built into Apache web server used by about two-thirds of websites globally. OpenSSL is also used by tens of thousands of IT vendors including Kerio to provide secure connections.
We have taken the following precautions to safeguard the Samepage servers and service:
We have updated our OpenSSL software which patches the vulnerability caused by the Heartbleed bug
We have revoked and reissued new SSL security certificates for the Samepage service
The Samepage security team continues to evaluate the integrity of our service and will provide specific updates and information on the Samepage Community as it becomes necessary.IMPORTANT - RESET SAMEPAGE PASSWORDAs a precaution to protect your data, we highly recommend that all Samepage users change their account passwords.
Your password can be manually changed by following the instructions here. In the coming days, those that have not changed their password since 5pm PDT on April 9, 2014, will be automatically prompted to reset their password before viewing their Samepage content.SECURITY ADVICEKerio recommends that you change your passwords for high-security services like email, file storage, and banking. Kerio is also advising users to use a unique password for each service/account and follow good practices for password complexity. It is also advisable to test any websites and services for Heartbleed vulnerability prior to resetting passwords if you are unsure if the site or service was affected.