«

Security warnings on memengo.com web site.

Earlier today Security Ceritifcate (SSL) on www.memengo.com has expired, causing security warnings being issued to all site visitors, and breaking sync function in Memengo Wallet app. The certificate was fixed within six hours of the incident, and now I would like to take this opportunity to clarify what happened.

While annoying and even seemingly scary, this event has no consequences for integrity or security of your data.

SSL certificates are made to expire, so that there is a certain date after which the certificate owner does not need to worry about preserving the privacy of the certificate. For example, if a certificate were to expire on May 14th 2011, then the owner of the certificate could be certain he can discard his old laptop after that date, because even if the certificate was stored there it would be of no use to anyone, being expired. Since we didn’t discard any equipment, the control over the certificate was as tight as ever. Therefore this event is inconsequential.

The reason why it was allowed to lapse is a failure of several safeguards:

1. The reminder for the imminent expiration has arrived 4 weeks ahead of time, as it should have, but in haste I have dismissed it. For the next time I have scheduled two reminders at different intervals.

2. The calendar event for this expiration was also scheduled 4 weeks in advance, thus today there was nothing on the “important things that could go wrong” calendar. This has been corrected and the next reminders are actually scheduled on the date of the expiration.

3. The company whose job is to monitor online status of www.memengo.com web site and quickly notify us about any errors seem to have misconfigured their clocks, and the reminder has arrived about 8 hours later than it should have. I will work with them to fix this problem.
[UPDATE: the issue was rectified and SSL certificate validity monitor was set up].

Sorry about the inconvenience. Mea culpa.

Advertisement

This entry was posted on May 15, 2011 at 7:03 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

7 Responses to “Security warnings on memengo.com web site.”

  1. Fergus Reid Says:
    May 20, 2011 at 2:00 am

    Hi Denis, thanks for the update and explanation. We make extensive use of Memengo, so thanks for all your efforts.

    Best Regards,
    Fergus

  2. mike Says:
    May 26, 2011 at 10:26 am

    So when are you going to get it fixed? It is making me nervous.

    • Denis Says:
      May 26, 2011 at 11:16 am

      The SSL certificate has been fixed by the time the blog post went up. Sorry for not making this clear. I should update the blog post itself.

  3. Keith Says:
    June 6, 2011 at 11:24 am

    When will the synch function come back online?

    • Denis Says:
      June 6, 2011 at 11:48 am

      It’s up and running. In fact, it was back up and running when the post went up. If you are having problems please contact support!

  4. Jason Says:
    June 6, 2011 at 12:20 pm

    Hi Denis –

    I’m still seeing the certificate error. Is there something I need to do on my end to correct this?

    • Denis Says:
      June 6, 2011 at 12:26 pm

      Make sure the date is set correctly on your iPhone/iPad

      If that does not help please contact support. I am out of office, but I will get back to you when return.

Comments are closed.

Follow

Get every new post delivered to your Inbox.