POODLE and SSLv3

By | October 16, 2014
This week has brought about the latest security vulnerability. Google’s Thai Duong, Krzysztof Kotowicz, and Bodo Möller made the vulnerability — POODLE (Padding Oracle On Downgraded Legacy Encryption) — public on Tuesday, October 14, 2014. POODLE is a padding oracle attack affecting Secure Sockets Layer (SSL) version 3 and in particular, CBC-mode ciphers. This vulnerability opens the door for possible man-in-the-middle attacks. Adam Langley of Google provides some additional insight into POODLE: “This should be an academic curiosity because SSLv3 was deprecated very nearly 15 years ago. However, the Internet is vast and full of bugs. The vastness means that a non-trivial number of SSLv3 servers still exist and workarounds for the bugs mean that an attacker can convince a browser to use SSLv3 even when both the browser and server support a more recent version.… Read more »

The Shellshock Flaw

By | September 30, 2014
***Security Alert*** [Update 2 | September 30, 2014, 9:10am CST] Apple has released an update. [Update 1 | September 26, 2014, 11:40am CST] Red Hat has released a full patch. [Original Post | September 25, 2014, 1:45pm CST] Zimbra is aware and has been closely monitoring the developments of the Shellshock vulnerability. At this time, Zimbra has found no impact on our products, nor do we anticipate any. We recommend that our customers evaluate their systems for this vulnerability and take immediate action to remediate as patches become available. This flaw affects the Bash shell of Unix-based systems and does not necessarily affect the applications running on top of those operating systems.… Read more »

Zimbra Customers Named Finalists for Next Generation Customer Experience Award

By | September 23, 2014
So often, corporate blogs post about themselves, market trends, products and other assorted topics. What is often forgotten, unfortunately, is the one topic that matters the most, customers. A company’s journey to serve customers can easily be derailed by other areas of interest, but customers come first, period. And, as Zimbra’s CEO Patrick Brandt said earlier today, “we take exceptional pride when our customers are successful, and feel privileged to contribute to their efforts. This recognition of Dell and Rackspace by Constellation Research speaks volumes about how leading brands are those that act as change agents for the benefit of their customers.” Dell and Rackspace epitomize “leading brand” with their unique external communities. Dell has Toad World for its Toad database solutions, and Rackspace is driving youth education with a program called Open Cloud Academy. A great article by Entrepreneur references Seth Godin’s definition of brand, "the set of expectations, memories, stories and relationships that, taken together, account for a consumer's decision to choose one product or service over another.… Read more »

Three Tenets for Delivering on the Promise of Internal Social Networks

By | September 16, 2014
What does it mean to be visionary? To Gartner, Visionaries “understand where the market is going or have a vision for changing market rules.” In the recent Gartner “Magic Quadrant for Social Software in the Workplace,” Zimbra was positioned as a Visionary. To me, a visionary is more accurately defined as delivering on a market-defining vision that pushes the bounds of innovation in a manner not possible by monolithic, legacy providers. For social software and today’s fast-paced world, workers demand that social products do more than initially designed. You could argue, due to cloud and mobile technology, that we are experiencing a period of innovation like never before. But, the key to successful innovation is providing cool features that people want, and will actually use. As an analyst said on a recent call, tools are “only useful if used.… Read more »

Zimbra Forums Migrating to New Home

By | September 12, 2014
As many of our forum users are aware, our Zimbra vBulletin forum (zimbra.com/forums) was closed down recently. We greatly apologize to our members for this downtime. We know that, especially for our open source development community, these forums are a valuable resource for advice and information. To resolve the issue as quickly as we can, we are moving the forums from vBulletin to the main Zimbra community at community.zimbra.com. The process will take us about a week.… Read more »

Forums.zimbra.com Incident and Resolution

By | September 3, 2014
On Sunday, August 31, Zimbra’s information security and technology team noticed unusual activity on the Zimbra vBulletin forum on Zimbra.com. We immediately took steps to limit the impact of the malicious activity. This did not affect customer, partner or employee data. This was not a breach of Zimbra products. Immediate action was taken to ensure proper incident remediation, including consultation with the appropriate authorities. As part of our risk mitigation plan, the Zimbra forums that are supported by vBulletin have been temporarily taken down for patching and upgrades. This includes all forums that provide crowdsourced support for Zimbra Collaboration.… Read more »