Sweet32: Birthday attack on 64-bit block cipher - Withdrawal of 3DES cipher support for all Zoho services - 31/01/2017
Zoho always tries to provide utmost security and privacy to our users and here is one such instance. This is about removing weak and insecure ways to access our platform and strengthening it based on industry standard recommendations from time to time.
3DES, a 64-bit block cipher, is one of the algorithms used for encryption. These block ciphers, with short block size, are vulnerable to a type of cryptographic attack, known as the Birthday Attack. Due to this vulnerability, all Zoho services will stop extending support to 3DES from January 31, 2017.
After Zoho disables 3DES cipher, any communication with a Zoho service will need to use AES (128/256) cipher for encryption. All modern browsers/clients and operating systems support robust algorithms like AES. In order to avoid issues connecting with Zoho services, we advice our users to stay up-to-date and update to such latest systems.
1) Internet Browsers:
We monitored our traffic and observed that around 98% of users connecting via 3DES are using IE on Windows XP or Windows 2003 server. These legacy systems do not support AES based ciphers by default. As these systems are no longer supported by its vendor, we recommend our customers to upgrade their OS or at least use latest browsers like Firefox/Chrome.
2) API Integrations:
If your APIs use 3DES cipher to access Zoho's Applications, please update your API to connect via AES(126,256). Refer the following to set the cipher suite for the language you are using:
Java - Set the cipher suite in javax.net.ssl.SSLSocket.
Ruby - Set the preferred cipher suite in OpenSSL::SSL::SSLContext
PHP - Set CURLOPT_SSL_CIPHER_LIST to a list cipher suites that uses AES for encryption to your Curl options.
Python - Set the cipher suite in SSLContext.set_ciphers.
c# - Use CipherAlgorithmType AES.
You can also refer SSLLabs to check whether you will be affected by this measure. Do get in touch with the respective Zoho product team in c ase you have any queries.
Take these measures right away so that you are not affected by this attack. To know more about the sweet32 vulnerability, refer : https://sweet32.info/
Topic Participants
Santhakumari V
Sticky Posts
Thanksgiving 2022 - Celebrating Zoho Community SuperBuds
One of the things we love most about our Zoho User Community is how readily our users help each other out, and share their Zoho and business knowledge. Be it the community forums, the virtual and in-person meetups, or Zoholics, it's been heart-warmingZOHO-20 to fight COVID-19
While the world economy is taking a hit, we, at Zoho, are doing our bit to help small businesses come out of this crisis. Here are all the programs and packages offered by Zoho to fight Covid-19. 1. ESAP: The Small Business Emergency Subscription Assistance Program (ESAP) gives our severely impacted small business customers access to Zoho software they currently use, free for three months. All Zoho customers with 25 employees or fewer who have been severely impacted by the coronavirus-related downturnIssues with Forum posts approval in Zoho Community
Hi All, Issue: Some of you have reported that the posts/comments made today are going for moderation. The issue started few hours ago, and the behaviour was reported in CRM and Creator Forums by a few customers/partners. We were able to see the same problem in a few other product forums too. How it impacts you: Don't worry if you find that your posts and comments are stuck in moderation. Your posts/comments are safe. Please don't duplicate them. We're keeping a tab on the development and approvingSeverity high! Please change the URL of published forms.
We are facing some issues with our domain zohopublic.com, as it has been blocked by our registrar. We are diligently working with them to resolve the issue. As an interim measure, we request you to use zohopublic1.com, instead. If you are using Zoho Creator or Zoho Forms, please edit the embed code and change the domain to creator.zohopublic1.com for Zoho Creator and forms.zohopublic1.com for Zoho Forms. If you are using Zoho Survey, you will have to re-send the survey link to the participants. We
Recent Topics
Share material, Lock Meeting and revamped feedback UI in the latest version of the Meeting iOS app.
Hello all, In the latest version of the Zoho Meeting iOS mobile app (v1.6), we have brought in the below enhancements. Share material in meeting: We have introduced share material during meeting that allows participants to view supported materials suchLatest updates in Zoho Meeting | New chat feature between an organizer and co-organizer in webinars, recording consent for webinar co-organizers and attendees in the Android app, and more.
Hello everyone, We’re excited to share a few updates for Zoho Meeting. Here's what we've been working on lately: A new chat feature between an organizer and co-organizer in webinars, recording consent for webinar co-organizers and attendees in the AndroidLatest updates in Zoho Meeting | A new Files tab to manage all your PDFs, PPTs, Video files and recordings, live transcription , ability to lock settings and adaptive echo cancellation.
Hello everyone, We’re excited to share a few updates for Zoho Meeting. Here's what we've been working on lately: A new Files tab to manage all your PDFs, PPTs, Video files and recordings, live transcription during sessions, ability to lock settings andLatest updates in Zoho Meeting | Meeting Rooms , Pin video feeds and customize from and reply-to email addresses
Hello everyone, We’re excited to share a few updates for Zoho Meeting. Here's what we've been working on lately: Introducing Zoho Meeting Rooms, an immersive solution for teams to connect over virtual meetings in video conference rooms. You can also pinLatest updates in Zoho Meeting | New top bar video layout, a revamp of our in-session settings and now import webinar registrations with a CSV file
Hello everyone, We’re excited to share a few updates for Zoho Meeting. Here's are some of them : We have moved audio, video, virtual background and preferences under a single settings pop-up for better user navigation. You can now upload a CSV file containingImportant update: Changes in email sender policies
Hello, This is to announce important changes to email sender policies from Google that may impact your use of Zoho Meeting. Restriction on public domains Effective February 1, 2024, Google is implementing policies that will affect the configuration ofCamera access
My picture doesn't appear in a group discussion. (The audio is fine.) The guide says "Click the lock icon on address bar," but I can't find it. Advise, pleaseChat for webinar session, schedule meeting session for 24 hours - Zoho Meeting iOS app update
Hello, everyone! In the most recent iOS version of the Zoho Meeting app, we have introduced the chat functionality for the webinar session. To access this feature, the Organizer should have the 'Public chat' option enabled on the Zoho Meeting desktopInvoice Copy 2005116990189
Please provide the invoice for the trancaction 2005116990189Darshan Hiranandani About
Hi, I’m Darshan Hiranandani, a dedicated software developer with a strong passion for creating efficient and user-friendly applications. With a degree in Computer Science and several years of experience in the tech industry, I specialize in full-stackLatest update in Zoho Meeting | On-demand webinars
Hello everyone, We’re excited to introduce our new on-demand webinar feature, you can now provide pre-recorded sessions that your audience can access immediately, no need to wait for scheduled sessions. Benefits of On-demand webinars : Scheduling flexibilityZoho Meeting iOS app update - Join breakout rooms, access polls, paste links and join sessions, in session host controls
Hello, everyone! In the latest iOS version(v1.7) of the Zoho Meeting app, we have brought in support for the following features: Polls in meeting session Join Breakout rooms Paste link in join meeting screen Foreign time zone in the meeting details screen.Zoho Meeting app update.
Hello, everyone! In the latest Android (v2.3.7) and iOS (v1.7.1) versions of the Zoho Meeting app, we have brought in support for the following features: Report Abuse option. WorkDrive integration. Report Abuse option You can now report to us any deceptiveZoho Meeting Android app update - v2.4.0
Hello everyone! We are excited to announce that we have brought in support for the following features in the latest version of the Zoho Meeting Android app(v2.4.0): 1. Start Personal Meeting Rooms 2. Revamp of the schedule meeting screen and meeting detailsIntroducing Zoho Desk integration and a few minor enhancements
Zoho Desk Integration We've now introduced an integration between Zoho Meeting and Zoho Desk to efficiently manage meeting-related customer inquiries. With this integration, you can track, respond to, and resolve meeting-related tickets directly fromZoho Meeting iOS app update: Hearing aid, bluetooth car audio and AirPlay audio support.
Hello everyone! We are excited to announce the below new features in the latest iOS update(v1.7.4) of the Zoho Meeting app: 1. Hearing aid support: Hearing aid support has been integrated into the application. 2. Bluetooth car Audio, AirPlay audio support:Zoho Meeting Android app update: Breakout rooms, noise cancellation
Hello everyone! In the latest version(v2.6.1) of the Zoho Meeting app update, we have brought in support for the following features: 1. Join Breakout rooms. 2. Noise cancellation Join Breakout rooms. Breakout Rooms are virtual rooms created within a meetingiOS 12 update: Introducing autofill passwords and Siri Shortcuts in Zoho Vault
With this iOS 12 release, Zoho Vault users can now autofill usernames and passwords on Safari and other third-party apps. Users can enjoy a seamless login experience to their everyday apps without compromising security and also access passwords stored in Zoho vault with Siri Shortcuts by adding personalized phrases. How to enable autofill password on your iOS device? First, you need to update your device to iOS 12. Apple recommends you to take a backup before you update your device to the latestZoho Vault: A look at what's new for iOS, iPadOS, and macOS
Hi everyone, At Zoho Vault, we constantly aim to improve your security experience. Based on both internal and external feedback, we have recently rolled out updates across our iOS, iPadOS, and support for macOS platforms. Introducing the desktop app forBiometric Access Support on Zoho Vault Desktop App
Is there any plans to add biometric authentication (fingerprint, face recognition) for Vault desktop apps (Windows/macOS) to enhance security and ease of access. I would love to hear other members view on thisFree webinar: Learn the benefits of migrating to Zoho Vault's new interface
With remote work becoming more and more common across the globe, productivity and time management are now pivotal concerns for every organization. With the number of business applications employed by companies constantly increasing, a password manager like Zoho Vault saves a lot of productive hours for your team. Vault's new interface has been carefully designed to address these pressing needs, helping users increase their productivity while improving their overall online experience. This July,Free Webinar: An exclusive live Q&A session with the Zoho Vault team
As 2020 draws to an end, we're closing out a year that has seen drastic changes all around the world. Many businesses have adopted cloud solutions and a remote work culture for the first time, and this has given rise to newer cyber risks and threats thatWhy passwordless authentication should be your top security project for 2021
Hello users! We know that nobody likes to remember passwords, yet they form an indispensable part of our lives. Many of us working with any kind of technology today manage numerous passwords for personal and business accounts. With the widespread adoptionFree Webinar: See why Zoho Vault is the best alternative to LastPass
When LastPass was acquired by LogMeIn in Oct 2015, we expressed our genuine concern about how this would change the LastPass business model and how customer trust would transfer from one company to another. As we suspected, LastPass doubled their pricingManaging cyber threats when working remotely | A Customer Survey Report
The nearly universal adoption of remote work has changed the way businesses function. Globally, enterprises continue to work to find new ways to make life easier for employees working remotely. However, a commonly cited concern has been the lack of cybersecurityWorld Password Day: 5 interesting facts about passwords
It's World Password Day: that time of the year when we talk about password hygiene and the importance of safe password management. World Password Day is observed on the first Thursday of every May, and this year, we'd like to talk about some of the mostFree Webinar: Go passwordless in 2022 with Zoho Vault
Passwords have long been the preferred authentication method, largely due to their universal appeal. While they're easy for people to use and implement, they're also convenient for hackers to exploit. Reports from 2021 state that weak and stolen passwordsMyki has announced EOL for its services | Learn why Zoho Vault password manager is the best alternative
Hello Myki users, Myki has announced end-of-life for its Teams, MSP, and GUARD services, after being acquired by JumpCloud. In their recent announcement, Myki stated that they will be removing their apps and extensions from the respective stores, turningJoin our exclusive meetup with Zoho's Real Estate community
Hey there, The Zoho Vault team is conducting a meetup for all real-estate users from Zoho. During this session, we will be discussing the need for secure password management and how Vault can help you and your clients safely protect passwords and otherFree webinar: A quick walkthrough of Zoho Vault and major updates in 2023
Managing passwords is crucial for all businesses. You can securely store, share, and manage passwords effectively from anywhere with Zoho Vault. We have introduced several new features in 2023 to offer the best online experience for our users. Join ourFree webinar: Why a password manager is a “must-have” for everyone in 2024
In the past decade, we've witnessed numerous cybersecurity breaches globally, with a significant portion resulting from the "it won't happen to me" mindset. Shockingly, in 2023, 86% of breaches involved weak and stolen passwords. Password hygiene is crucialZoho Vault - Webinars 2023 - Video Recordings and Slide Decks
Hello, We wanted to offer a consolidated list of Zoho Vault webinar resources from 2023. Therefore, we're putting together a list that includes links to our webinar recordings and slide decks for easy access. Webinar Video recording Slide deck GettingFree webinar: Focal point: Building a financial ecosystem with Zoho Vault and Zoho Workplace
Hi everyone! Cyber threats against the financial sector are escalating. In the last two decades, nearly one-fifth of reported incidents targeted financial institutions, causing $12 billion in direct losses. Cybercriminals are becoming more sophisticated,New features in Zoho Vault
We’re thrilled to introduce a wave of powerful updates in Zoho Vault, designed to enhance security, streamline workflows, and improve your overall experience. Let’s dive into what’s new! Folder creation restrictions Limit who can create folders in yourJoin our World Password and Passkey Day expert Q&A 2025
Hey everyone! World Password and Passkey Day is almost here, and there's no better time to talk about something we all rely on daily—secure authentication. Did you know that a staggering 60% of hacking-related breaches are tied to weak or stolen passwords?Dashlane discontinued its free plan: Here's why Zoho Vault's free plan is worth the switch
Hey everyone, Dashlane password manager has officially announced that its free plan will be discontinued starting September 16, 2025. This change means that current free users will need to either upgrade to a paid subscription or export their data andIntroducing SecureForms in Zoho Vault
Hey everyone, Let’s face it—asking someone to send over a password or other sensitive data is rarely straightforward. You wait. You nudge. You follow up once, twice—maybe more. And when the information finally arrives, it shows up in the worst possibleClickjacking: Zoho Vault's Response
Issue: Password manager browser extensions are found to be vulnerable to clickjacking security vulnerabilities that could allow attackers to steal account credentials, TFA codes, and card details under certain conditions. Reported by: Marek Toth, IndependentFree webinar: Security that works: Building resilience for the AI-powered workforce
Hello there, Did you know that more than 51% of organizations worldwide have experienced one or more security breaches, each costing over $1 million in losses or incident response? In today’s threat landscape, simply playing defense is no longer enough.Free webinar—Redefining workforce security with Zoho Vault: Passwords, passkeys, and multi-factor authentication
Hi everyone! Did you know that in Q2 alone, 94 million data records were leaked globally? Behind every breach is a combination of poor password habits, phishing attacks, privilege misuse, and simple human error. The fallout—including reputational damage,Next Page