Archive | Security & Privacy

How to use DOMPurify in your Zimlet for XSS sanitizing

By Barry de Graaff on November 30, 2022 in Security & Privacy, Zimbra SkillZ, Zimlets

Cross-Site Scripting (XSS) attacks are a type of injection attack, in which malicious scripts are injected into otherwise benign and trusted websites. In case you are developing a Zimlet you should not trust any form of user input. If you integrate 3rd party services via your Zimlet, you probably also want to sanitize any data […]

Did you know? SELinux is not a Zimbra feature

By Barry de Graaff on November 16, 2022 in Did You Know, PowerTips – Admins, Security & Privacy

This blog is about something that is not a Zimbra feature, yes you read it correctly, usually on the blog we highlight new or existing features. But this blog is a little different. Every now and then people write in the Zimbra forums or comment on blog posts saying they run Zimbra with SELinux in […]

Zimbra not affected by critical OpenSSL issue

By Barry de Graaff on November 1, 2022 in Product News, PowerTips – Admins, Security & Privacy

The OpenSSL project is releasing a critical fix for OpenSSL version 3.x. Zimbra is using OpenSSL version 1.1.1q which is an older still supported version of OpenSSL. The version in Zimbra is not affected by the fix, which means no patches are needed for Zimbra. You should install operating system security updates and other 3rd […]

Zimbra installation integrity check

By Barry de Graaff on October 12, 2022 in Did You Know, PowerTips – Admins, Security & Privacy

The script in this article allows Zimbra administrators to create checksums of all the files in a Zimbra installation. The output of the script can be used to identify unintended changes and newly created files. Such changes can for example be caused by hackers. You can use this script pro-actively by scheduling it in a […]

Zimbra S/MIME encryption whitepaper

By Barry de Graaff on September 28, 2022 in Community, Partners, Security & Privacy, Whitepaper

Email messages and attachments can be intercepted as they are sent over the Internet. Many email providers support secure connections for incoming and outgoing email. However, the email protocol has a flaw: it falls-back to unsecure connections if an error happens. Zimbra supports S/MIME a standard for encryption and signing email. By using S/MIME encryption […]

Zimbra Security and PCI DSS

By Barry de Graaff on September 21, 2022 in Community, Partners, Security & Privacy, Whitepaper

Emails are accessible to most people anywhere and anytime. However, when it comes to handling sensitive data like credit card information, you need to rethink your messaging options. The Payment Card Industry Data Security Standard (PCI DSS) is an information security framework intended to help merchants and service providers protect credit and debit card transactions […]

← Previous 1 … 7 8 9 … 17 Next →

Navigation

Archive | Security & Privacy