Earlier today Security Ceritifcate (SSL) on http://www.memengo.com has expired, causing security warnings being issued to all site visitors, and breaking sync function in Memengo Wallet app. The certificate was fixed within six hours of the incident, and now I would like to take this opportunity to clarify what happened.
While annoying and even seemingly scary, this event has no consequences for integrity or security of your data.
SSL certificates are made to expire, so that there is a certain date after which the certificate owner does not need to worry about preserving the privacy of the certificate. For example, if a certificate were to expire on May 14th 2011, then the owner of the certificate could be certain he can discard his old laptop after that date, because even if the certificate was stored there it would be of no use to anyone, being expired. Since we didn’t discard any equipment, the control over the certificate was as tight as ever. Therefore this event is inconsequential.
The reason why it was allowed to lapse is a failure of several safeguards:
1. The reminder for the imminent expiration has arrived 4 weeks ahead of time, as it should have, but in haste I have dismissed it. For the next time I have scheduled two reminders at different intervals.
2. The calendar event for this expiration was also scheduled 4 weeks in advance, thus today there was nothing on the “important things that could go wrong” calendar. This has been corrected and the next reminders are actually scheduled on the date of the expiration.
3. The company whose job is to monitor online status of http://www.memengo.com web site and quickly notify us about any errors seem to have misconfigured their clocks, and the reminder has arrived about 8 hours later than it should have. I will work with them to fix this problem.
[UPDATE: the issue was rectified and SSL certificate validity monitor was set up].
Sorry about the inconvenience. Mea culpa.



