Zimbra is aware of a newly disclosed SSL/TLS vulnerability that provides a potential malicious actor with a method to perform a Man-in-the-Middle (MitM) attack — the vulnerability is being referred to as FREAK (Factoring attack on RSA-EXPORT Keys). For more information on the attack and how this applies to Zimbra, please head over to the […]
Archive | Security & Privacy
When is a Lock, Not a Lock?
January was an interesting month for cryptography. The UK Prime Minister made some very strong statements about digital communication, essentially calling for strong encryption to be shirked by providing law enforcement with a back door. The US National Institute of Standards and Technology (NIST) announced the deprecation of several Federal Information Processing Standards (FIPS), one […]
Half of All Email Systems will be Replaced in Two Years
Today, Zimbra announced the results of the Ponemon Institute’s “The Open Source Collaboration Study: Viewpoints on Security and Privacy in the U.S. and EMEA” report. Sponsored by Zimbra, the study surveyed 1,398 IT and IT security practitioners to learn about their companies’ involvement in the use of open source messaging and collaboration solutions, and their […]
Zimbra Collaboration Updates (8.0.9 & 8.5.1)
Yesterday, Zimbra released updates to Zimbra Collaboration, both the 8.0.x and 8.5.x trees. Security: These updates address the OpenSSL security advisory dated October 15 and provide a partial fix for POODLE (due to the need for both client and server changes). Zimbra Collaboration 8.0.9 and 8.5.1 update the OpenSSL libraries for nginx, OpenLDAP and Postfix […]
POODLE and SSLv3
This week has brought about the latest security vulnerability. Google’s Thai Duong, Krzysztof Kotowicz, and Bodo Möller made the vulnerability — POODLE (Padding Oracle On Downgraded Legacy Encryption) — public on Tuesday, October 14, 2014. POODLE is a padding oracle attack affecting Secure Sockets Layer (SSL) version 3 and in particular, CBC-mode ciphers. This vulnerability […]
The Shellshock Flaw
***Security Alert*** [Update 2 | September 30, 2014, 9:10am CST] Apple has released an update. [Update 1 | September 26, 2014, 11:40am CST] Red Hat has released a full patch. [Original Post | September 25, 2014, 1:45pm CST] Zimbra is aware and has been closely monitoring the developments of the Shellshock vulnerability. At this time, […]