Our Blog

Customer security note: OpenSSL “Heartbleed” bug

Published on April 10th, 2014 by Soup Mail

In light of the notification on April 8 of the bug in OpenSSL, known as “Heartbleed“, we have joined nearly every other service provider on the internet in conducting a security audit and implementing precautionary measures.

Soup Mail is no longer vulnerable to this bug.

Whilst there is no evidence that any Soup Mail data has been impacted, there are some things that we are doing, and which you should do, to ensure that there is no residual exposure.

What we have done to keep your data safe

  • Our servers were patched to remove any vulnerability at 16:44 on 08/04 (AEST).
  • We have re-keyed and updated our SSL certificates.
  • We will be forcing some logouts shortly, to eliminate the possibility that credentials obtained during the period of vulnerability could be used. The effect of this will be that you may be logged out of Soup Mail – in which case you simply need to log back in.
    • If you use the Outlook Add-In, you’ll need to log back in within Outlook using the Add-In’s settings form, which you can access from the Soup Mail toolbar/ribbon within Outlook.

What you should do

  • We strongly recommend that you reset your Soup Mail password. Click the button below to do so.

Reset your password

  • While you’re at it, ensure you are using strong passwords, and using different passwords for each web-based service that you use. Here’s a link to a resource that explains why.
  • Check that your browser is configured to not accept revoked certificates. How to do this will depend on the browser you’re using, and you may need to restart your computer for the setting to take effect.
    • Chrome: go to Settings and type “revocation” in the settings page search box, then ensure that the “Check for server certificate revocation” option is checked.
    • Internet Explorer: go to Internet Options > Advanced Tab, and ensure “check for server certificate revocation” is checked. Then restart your computer.
    • Firefox: go to Options > Options > Advanced > Certificates tab > Validation. Ensure that the two options in the Validation dialog box are checked.
  • Ensure that you are also taking appropriate measures for any other web-based services that you use, for example email, banking and social media sites.

Please check our Twitter feed @SoupMail for updates.

Comments are closed.