What is Heartbleed?
Here is a link that should help explain
what the Heartbleed bug is:
http://heartbleed.com/
Are my users affected?
Any service or website that is
connected to the internet and uses SSL encryption is
potentially vulnerable to the Heartbleed bug.
Did you fix the issue?
Yes, upon receiving the news that
Heartbleed existed and a patch was made available, we
immediately patched our services to remediate any
potential vulnerability. We also re-issued our SSL certificates.
If it’s been patched, then why
should I change passwords?
While we have applied the patch earlier
this week, there is still a potential that your password
could have been previously exposed and extorted as it
passed through the internet via the encrypted SSL tunnel.
Again, we have no confirmed reports of suspicious
activity or hijacked passwords, but in the spirit of
security we strongly urge users to proactively update
their passwords. We urge you to do your diligence
and change any online passwords you may have and confirm
with your other providers (hosting, banking, social media,
etc) that their SSL protocols have been patched.
Will you force a password
change?
Since we have no confirmed compromise
and do not assume there was any with the Heartbleed bug,
we are simply notifying our customers and strongly urging
them to change their passwords.
Can you setup a policy to force
users to change passwords on next login?
Unfortunately, we cannot provide this
service at this time.
Is there a way to mass change
passwords?
- Administrators can change passwords
on individual mailboxes via the control panel at admin.thexyz.com. - Email users can change their
own passwords via the Webmail portal at webmail.thexyz.com.
How can I send a message to
email all of my users?
You can send an email to everyone on your domain.
To email everyone, log into the control panel, and
perform the following steps:
- Mouse over the Go to section
drop-down menu and select Domains. - In the Tools section, click
the Email Everyone link. - If you have multiple domains, select the
appropriate domain name. Or, to change domains
at any time, click the change domain
link. - Click the Email Everyone
link. - Enter the
following information in the spaces provided:- Sender’s Name—Enter the first and last
name of the sender.
- Sender’s Email Address—Enter the email
address of the person sending the email. - Subject—Enter a subject for the email.
- Message Body—Enter the message for your
email.
- Sender’s Name—Enter the first and last
- Click the Send button.
I have changed passwords for my
users and now they are reporting various password
issues, what happened?
- Check to see if that mailbox is currently
locked by looking in the Control Panel for
that specific user mailbox. - Check what devices they’re using to connect to
their HEX mailbox! PC at work, iMac at home,
work-issued iPhone, personal iPad, etc. Why? If they’re
Exchange account is set up on any of these devices AND
they updated the password recently, they’re going to
need to update all of their devices for that new
password. Meaning, any one of these could be locking out
the mailbox. - Unlock the mailbox through the
Control Panel. Once it shows that it’s no longer locked
using the aforementioned tools, have your user log into
Outlook Web App (webmail.thexy.com)
to verify that they are, in fact, using the correct
password. - Clear out remembered passwords.
Particularly on Windows or Macs, we see issues with the
Credential Manager (Windows) or Keychain Access (Mac)
remembering the “old” password.- Once this is cleared out, have them open their
email client again. Since you just had them clear
the Credential Manager for this account, they should
be prompted for the email address and password
again. - Have them re-enter that information correctly. It
would be safe for them to “remember” the password.
This, in turn, will create a new entry in the
credential manager.
- Once this is cleared out, have them open their
