Memengo, Inc. official blog

Earlier today Security Ceritifcate (SSL) on http://www.memengo.com has expired, causing security warnings being issued to all site visitors, and breaking sync function in Memengo Wallet app. The certificate was fixed within six hours of the incident, and now I would like to take this opportunity to clarify what happened.

While annoying and even seemingly scary, this event has no consequences for integrity or security of your data.

SSL certificates are made to expire, so that there is a certain date after which the certificate owner does not need to worry about preserving the privacy of the certificate. For example, if a certificate were to expire on May 14th 2011, then the owner of the certificate could be certain he can discard his old laptop after that date, because even if the certificate was stored there it would be of no use to anyone, being expired. Since we didn’t discard any equipment, the control over the certificate was as tight as ever. Therefore this event is inconsequential.

The reason why it was allowed to lapse is a failure of several safeguards:

1. The reminder for the imminent expiration has arrived 4 weeks ahead of time, as it should have, but in haste I have dismissed it. For the next time I have scheduled two reminders at different intervals.

2. The calendar event for this expiration was also scheduled 4 weeks in advance, thus today there was nothing on the “important things that could go wrong” calendar. This has been corrected and the next reminders are actually scheduled on the date of the expiration.

3. The company whose job is to monitor online status of http://www.memengo.com web site and quickly notify us about any errors seem to have misconfigured their clocks, and the reminder has arrived about 8 hours later than it should have. I will work with them to fix this problem.
[UPDATE: the issue was rectified and SSL certificate validity monitor was set up].

Sorry about the inconvenience. Mea culpa.

I’ve updated the web site today with couple of changes:
1. Compatibility with new web browsers is improved (such as Firefox 3.6+)
2. You can now bookmark Individual wallets and use that bookmark to always end up in the same wallet.

Let me know if you see any issues.

Since Memengo Wallet was released you have spoken and we have listened. The latest update addresses 5 of your most frequent requests and it will be released on the app store in about two weeks. For each feature there is a person or a small group who championed it, and today these nice people are rewarded with:

a) A free copy of GeeTasks – a task manager that syncs with Google Tasks. Please contact support to receive your Promo Code.
b) The requests being addressed. That’s what you get for speaking up.

Here are the new features:

1. More readable font. I have scanned through all fonts on iPhone and found the only one where all leters below look differently. Thanks Dark for bringing this issue up.

2. Lockout can now be configured in Settings – you can specify to lock when screen locks, or after so many minutes. Thanks to Kyle, sickpuma an Robert for taking time to explain this problem to me. Apart from different timing, setting a time-based lockout will prevent Wallet from closing when focus is lost (e.g. an SMS arrives).

3. Encryption key can be entered using PIN-friendly keyboard. I still recommend using more complicated character set than just numbers, but if you’re sure you know what you are doing now is your time. Thanks Matthias and Cantello for suggesting this feature. Also notice the nice shiny button – there will be more of these as I’m getting a hang of this button design thing.

4. Copy-paste support for iPhone OS 3.0. While Wallet remains compatible iPhone OS 2.2, when run on OS 3.0 you can now also tap-and-hold on any field in a card and you will be offered to copy text to iPhone’s clipboard or to append it. Thus you can copy both user named and password into clipboard and go use Safari without the need to come back. Thanks sickpuma.

5. Speaking of Safari. Tap-and-hold over a link also allows you to open links in Safari instead of the built-in Web Browser. This should make things a little quicker for those of you who prefer Safari. Thanks sickpuma.

Many of you are wondering why hasn’t there been anything new from Memengo during the summer. Well, we were working on a new app!

Our existing product Memengo Wallet allows you to sync your passwords between the iPhone/iPod Touch and the cloud. That way you can access them wherever you are – on the street trying to remember PIN code for one of the debit cards, or shopping from your PC at home while wearing slippers. It’s nice to have your password always within your reach.

Extending this idea we introduce GeeTasks – a task list app for iPhone/iTouch that syncs with the cloud. The cloud in this case is Google Tasks – a simple, easy to use and free online task manager. Best of all, if you already use Gmail you don’t need to memorize another web site, or password – Google Tasks are built right into Gmail interface.

Give it a try and let us know what you think: http://www.geetasks.com

Here is a good article which describes how to pick a good password for your account at a web site.

Note that when picking the Memengo Wallet encryption key you need to follow these guidelines which are more strict. The reason for the difference is that the encrypted data is stored on your iPhone, not on some remote web site. Trying out all possible passwords on remote web site is naturally limited by the network speed, and may indeed only work at a rate of about 100 passwords per second, however someone who stole or found your lost iPhone may be able to try out the passwords at a much higher rate.

Together with folks at http://www.easterappsales.com/ we are conducting our Easter Sale. If you wanted to suggest Memengo Wallet to your friends now is the time – only 99 cents today and tomorrow! Also check out other apps that are on sale over there, maybe you will like some of them.

In the last update we have added a “delete wallet” button to the unlock dialog – it was requested by people who forgot their encryption key and thus had no other choice but to delete the wallet (remember – there is no way to recover the encryption key).

We have since received feedback that sometimes friends and especially children were very tempted to press that button and follow all the way through the confirmation process. The red button has proved to be irresistible. Ourselves we use Passcode Lock security on our phones to avoid this problem, however not everyone does and we decided to restore the status quo.

The “delete” button has been… ahem, deleted in the latest updated which I submitted tonight to the App Store. We will reintroduce a more child-proof way of deleting the locked wallets in a future release.

We expect the new release to hit the store by Saturday.

We now have our user forums over here. Feel free to ask questions, submit requests and just chat with other fellow users. You don’t need to register to post – just drop by, we’re glad to see you.

Remember that if you are having technical problems and need help it’s better to contact technical support – we need to know who you are and may have to ask more details in order to help you out!

There are other helpful resources on http://help.memengo.com/ as well.

“What’s on iPhone” is currently giving away several promo codes for Memengo Wallet over here. If you wanted to give one to a friend or a family member now would be good time to head over there and make your desire known!

This giveaway is to celebrate the last update we shipped couple of weeks back. Large text notes are now a lot easier to handle – tapping one will allow you to see it full-screen, rotate and zoom in/out (changing the font size).

A few things are happening right now:

• We are currently finalizing “move a card to a different wallet” feature for iPhone Wallet app. It should take about a week until it’s public.
• We have received government approval for world-wide distribution. The next update to Wallet will be available everywhere.
• We’re working on creating community forums