On July 9, 2015, OpenSSL issued a security update to correct an issue opened by its June update. Specifically, this issue relates to alternative chains certificate forgery (CVE-2015-1793), i.e. an ability to “cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act […]
Archive | Security & Privacy
Logjam’s Impact on Zimbra Collaboration
Zimbra is aware of a newly disclosed SSL/TLS vulnerability that provides a potential malicious actor with a method to perform a Man-in-the-Middle (MitM) attack — the vulnerability is referred to as Logjam. Similar to FREAK, this attack targets export-grade encryption, specifically Diffie-Hellman key exchanges. For more information on the attack and how this applies to […]
General Availability: Zimbra Collaboration 8.6.0 Patch 2
By Matthew Lewis on May 6, 2015 in Open Source, Product Updates, Security & Privacy, Zimbra Web Client
As of yesterday, May 5, Zimbra Collaboration 8.6.0 patch 2 is generally available. This patch is cumulative with ZC 8.6.0 patch 1, meaning you only need to apply this patch to get the benefits of both. As noted in the release notes, the majority of bug fixes are for the Admin and Web UIs, with some minor […]
Introducing Zcast
On behalf of Zimbra, I am happy to introduce Zcast. In this new podcast series, Zimbra CMO Olivier Thierry covers a variety of technology topics that relate, primarily, to open source software, communication technology, business/product strategy, cybersecurity and data protection. The first in the series is with Zimbra partner MailGuard, founded in 2001 by CEO […]
Email Protection Best Practices: SPF, DKIM and DMARC
By Jorge de la Cruz on April 9, 2015 in Open Source, PowerTips – Admins, Security & Privacy, Zimbra Server
As Zimbra Collaboration is a central communication hub for your business, it needs to be protected and secured. Zimbra Collaboration contains multiple antispam features like SpamAssassin, Amavis-d, etc. But, how do you protect against spoofing? How do we ensure outgoing emails are not going into the junk folder of recipients using other platforms like Google Apps, Outlook 365, […]
Factoring Attack on RSA-EXPORT Keys (FREAK)
Zimbra is aware of a newly disclosed SSL/TLS vulnerability that provides a potential malicious actor with a method to perform a Man-in-the-Middle (MitM) attack — the vulnerability is being referred to as FREAK (Factoring attack on RSA-EXPORT Keys). For more information on the attack and how this applies to Zimbra, please head over to the […]