- by Michael Sliwinski, CEO and founder
You have probably heard by now - "Heartbleed" is currently top of the list. It is the name of a bug in security software installed on most of Internet's servers - and it caused a big problem for all of us - it could enable an intruder to sniff your secure connections to your favorite services and even possibly discover your login credentials. It was really a spooky thing when it was uncovered but hopefully we have some good news to share with you.
The Good News for Nozbe users
Nozbe servers were NEVER vulnerable to "Heartbleed" bug
Yes, your login credentials to Nozbe have been safe at all times. Our servers were never vulnerable to this bug.
What it means: while we encourage you to change your password to Nozbe every now and then, you don't have to do it. You are safe. Your data is completely safe with us.
Technical details: Our current Nozbe servers are running a conservative version of OpenSSL (0.9.8) which is automatically patched and was never vulnerable to "Heartbleed" bug, which on the contrary affected OpenSSL installations of 1.x branch.
The future for Nozbe users
New server infrastructure
We're preparing to migrate to a newer, faster and more powerful server infrastructure in the upcoming weeks. The newer servers are running OpenSSL 1.X so we've made sure they're patched, safe and bullet-proof secure. Moreover, our newer servers will have additional layers of security to make sure you're safer with Nozbe than with your online bank, seriously :-)
Two-step verification coming soon
To take security in Nozbe to even a higher level, we'll be introducing two-step verification option for all Nozbe users later this year. We're planning to introduce it together or soon after we've released the upcoming Nozbe 2.0, to make your Nozbe experience even more comfortable as a whole.
Security of your Nozbe data is our lifeblood
We're a small software company running a piece of productivity software that helps more than 200.000 people worldwide to organize their life every single day. We've been running our service for more than 7 years now (which is ages long in the Internet years) and we're planning to keep running it for many years to come (hopefully forever?).
Although we are small, thanks to the fact that many of you are paying customers, we are highly profitable and we keep reinvesting the profits in improving our server infrastructure, highest data security available and many layers of backups to make sure you won't loose your data.
In the meantime...
While you are safe with us and you don't have to change your Nozbe password because of the "Heartbleed" bug, we do encourage you to change the passwords to the other services you use like Gmail, Evernote, iCloud and others - just to make sure.
What is also important, if you're running a service that provides SSL connection which was affected by this bug, make sure to check if your server is patched and re-issue a new private key for your SSL server and based on that, install the SSL certificate again. You will be 100% sure that everything is fine then.
We are very glad that you are a Nozbe user and we want to thank you for trusting us to help you manage your life. Have a great, productive and safe week!
Posted on Monday, April 14, 2014