Sunday, 13 April 2014

What is Heartbleed?

Here is a link that should help explain what the Heartbleed bug is:
http://heartbleed.com/

Are my users affected?

Any service or website that is connected to the internet and uses SSL encryption is potentially vulnerable to the Heartbleed bug.

Did you fix the issue?

Yes, upon receiving the news that Heartbleed existed and a patch was made available, we immediately patched our services to remediate any potential vulnerability. We also re-issued our SSL certificates.

If it's been patched, then why should I change passwords?

While we have applied the patch earlier this week, there is still a potential that your password could have been previously exposed and extorted as it passed through the internet via the encrypted SSL tunnel. Again, we have no confirmed reports of suspicious activity or hijacked passwords, but in the spirit of security we strongly urge users to proactively update their passwords. We urge you to do your diligence and change any online passwords you may have and confirm with your other providers (hosting, banking, social media, etc) that their SSL protocols have been patched.

Will you force a password change?

Since we have no confirmed compromise and do not assume there was any with the Heartbleed bug, we are simply notifying our customers and strongly urging them to change their passwords.

Can you setup a policy to force users to change passwords on next login?

Unfortunately, we cannot provide this service at this time.

Is there a way to mass change passwords?

  1. Administrators can change passwords on individual mailboxes via the control panel at admin.thexyz.com.
  2. Email users can change their own passwords via the Webmail portal at webmail.thexyz.com.

How can I send a message to email all of my users?

You can send an email to everyone on your domain. To email everyone, log into the control panel, and perform the following steps:
  1. Mouse over the Go to section drop-down menu and select Domains.
  2. In the Tools section, click the Email Everyone link.
  3. If you have multiple domains, select the appropriate domain name. Or, to change domains at any time, click the change domain link.
  4. Click the Email Everyone link.
  5. Enter the following information in the spaces provided:
    • Sender's Name—Enter the first and last name of the sender.
    • Sender's Email Address—Enter the email address of the person sending the email.
    • Subject—Enter a subject for the email.
    • Message Body—Enter the message for your email.
  6. Click the Send button.

I have changed passwords for my users and now they are reporting various password issues, what happened?

  • Check to see if that mailbox is currently locked by looking in the Control Panel for that specific user mailbox.
  • Check what devices they're using to connect to their HEX mailbox! PC at work, iMac at home, work-issued iPhone, personal iPad, etc. Why? If they're Exchange account is set up on any of these devices AND they updated the password recently, they're going to need to update all of their devices for that new password. Meaning, any one of these could be locking out the mailbox.
  • Unlock the mailbox through the Control Panel. Once it shows that it's no longer locked using the aforementioned tools, have your user log into Outlook Web App (webmail.thexy.com) to verify that they are, in fact, using the correct password.
  • Clear out remembered passwords. Particularly on Windows or Macs, we see issues with the Credential Manager (Windows) or Keychain Access (Mac) remembering the "old" password.
    • Once this is cleared out, have them open their email client again. Since you just had them clear the Credential Manager for this account, they should be prompted for the email address and password again.
    • Have them re-enter that information correctly. It would be safe for them to "remember" the password. This, in turn, will create a new entry in the credential manager.

Trending Posts

Blog Archive

Subscribe by email

Enter your email address:

Subscribe to more feeds

Tags

News (73) Web Hosting (48) Email (32) security (19) Advertising (17) Tutorials (16) webmail (16) Thexyz Cloud (13) Video (5) resellers (2)