Since restructuring in January, it is not possible anymore to transfer data with our Jabber-Server. Although we pointed out that this kind of transfer is not encrypted, there repeatedly have been misunderstandings.
End of last year it became known that there had been a successful attack against the hard drive-encryption of many Linux systems. The widely used Linux-distribution Ubuntu was affected as well. A few days ago Ubuntu 14.04 LTS has been released which is immune against these attacks and will be maintained for 5 years.
On 23.04.14 from 18:30 onwards our mail-server and website will not be available for approximately 3 hours. This is due to multiple necessary works on our hardware.
Background
In the night of the 7/8 April a fault in the OpenSSL library (used for encrypted internet connections) that already existed for two years has been made public. The fault known as “Heartbleed Bug” allows extracting data from the memory in an encrypted internet connection. Because of this, it was possible to steal access or session data of encrypted connection users. But it is not known if active attacks through this fault really happened.
Tonight a critical vulnerability in the open source library OpenSSL was published. This security gab enables assailants to steal the secret keys and decrypt alleged safe data traffic. This fault has been rectified, but it requires the reboot of all services that use OpenSSL.
This month we changed all our SSL-certificates from CACert to commercial providers. Up until now many of our users were confronted with notifications stating that our websites and services are not trustworthy; people repeatedly told us that this is off-putting. We have put an end to this.
In the last days we provided new certificates for www.systemli.org, pad.systemli.org and all sub-domains of tem.li. These were signed by the Gandi certification body. This certification body is integrated in all common browsers and only gives warning in the case of SSL errors.
Unfortunately the data of our Etherpad service is lost due to a technical problem. This concerns the data of the month January 2014. They cannot be restored. This loss has nothing to do with our recently introduced 30 day storage period.
