Sweet32: Birthday attack on 64-bit block cipher - Withdrawal of 3DES cipher support for all Zoho services - 31/01/2017

Sweet32: Birthday attack on 64-bit block cipher - Withdrawal of 3DES cipher support for all Zoho services - 31/01/2017

Zoho always tries to provide utmost security and privacy to our users and here is one such instance. This is about removing weak and insecure ways to access our platform and strengthening it based on industry standard recommendations from time to time.


3DES,  a 64-bit block cipher,  is one of the algorithms used for encryption. These block ciphers, with short block size, are vulnerable to a type of  cryptographic attack, known as the Birthday Attack. Due to this vulnerability, all Zoho services will stop extending support to 3DES from January 31, 2017.


After Zoho disables 3DES cipher, any communication with a Zoho service will need to use AES (128/256) cipher for encryption. All modern browsers/clients and operating systems support robust algorithms like AES. In order to avoid issues connecting with Zoho services, we advice our users to stay up-to-date and update to such latest systems.


1) Internet Browsers:

We monitored our traffic and observed that around 98% of users connecting via 3DES are using IE on Windows XP or Windows 2003 server. These legacy systems do not support AES based ciphers by default. As these systems are no longer supported by its vendor, we  recommend our customers to upgrade their OS or at least use latest   browsers like Firefox/Chrome.

 

2) API Integrations:
If your APIs use 3DES cipher to access Zoho's Applications, please update your API to connect via AES(126,256). Refer the following to set the cipher suite for the language you are using:

 

Java     - Set the cipher suite in javax.net.ssl.SSLSocket.

Ruby    - Set the preferred cipher suite in OpenSSL::SSL::SSLContext

PHP     -  Set CURLOPT_SSL_CIPHER_LIST to a list cipher suites that uses AES for encryption to your Curl options.

Python - Set the cipher suite in SSLContext.set_ciphers.

c#        - Use CipherAlgorithmType AES.

 

You can also refer SSLLabs to check whether you will be affected by this measure. Do get in touch  with the respective Zoho product team in c ase you have any queries.
Take  these measures right away so that you are not affected by this attack.  To know more about the sweet32 vulnerability, refer : https://sweet32.info/

    • Sticky Posts

    • Zoho MVP Batch of 2023

      Image: Zoho MVP Batch of 2023 Presenting the Zoho MVPs for 2023: Michael Trow Damien Cregan Kevin Flynn Donald Love Gordon Mankelow Abhishek Sharma Nik Khairul Bryan Pape Hugh Marshall Bhoomi Joshi Mikhail Koval Ken Florian Sven Rösser Our MVPs are passionate

    • Thanksgiving 2022 - Celebrating Zoho Community SuperBuds

      One of the things we love most about our Zoho User Community is how readily our users help each other out, and share their Zoho and business knowledge. Be it the community forums, the virtual and in-person meetups, or Zoholics, it's been heart-warming

    • Zoho MVP Batch of 2022

      Image: Zoho MVP Batch of 2022 Zoho MVPs are passionate customers and partners who go out of their way in helping the community members. With their significant contributions in the community forums, they help cut short the learning curve of the members,

    • ZOHO-20 to fight COVID-19

      While the world economy is taking a hit, we, at Zoho, are doing our bit to help small businesses come out of this crisis. Here are all the programs and packages offered by Zoho to fight Covid-19. 1. ESAP: The Small Business Emergency Subscription Assistance Program (ESAP) gives our severely impacted small business customers access to Zoho software they currently use, free for three months. All Zoho customers with 25 employees or fewer who have been severely impacted by the coronavirus-related downturn

    • ​Issues with Forum posts approval in Zoho Community

      Hi All, Issue: Some of you have reported that the posts/comments made today are going for moderation. The issue started few hours ago, and the behaviour was reported in CRM and Creator Forums by a few customers/partners. We were able to see the same problem in a few other product forums too. How it impacts you: Don't worry if you find that your posts and comments are stuck in moderation. Your posts/comments are safe. Please don't duplicate them. We're keeping a tab on the development and approving

    • Recent Topics

    • How to display Motivator components in Zoho CRM home page ?

      Hello, I created KPI's, games and so but I want to be able to see my KPI's and my tasks at the same time. Is this possible to display Motivator components in Zoho CRM home page ? Has someone any idea ? Thanks for your help.

    • is zoho CRM down today ?

      Is zoho CRM down today ?

    • Export email adresses to email service provider (mailchimp or other)

      Hello, Is there a way to export a list of email adresses from a search in my Zoho Creator forms to an external email service (gmail, yahoo...) and initiate at the same time an email message that I will fill and send myself ? And what about Mailchimp,

    • is it possible to add more than one Whatsapp Phone Number to be integrated to Zoho CRM?

      so I have successfully added one Whatsapp number like this from this User Interface it seems I can't add a new Whatsapp Number. I need to add a new Whatsapp Number so I can control the lead assignment if a chat sent to Whatsapp Phone Number 1 then assign

    • Problem viewing document imported from google drive.

      Hello, When I add a document via my google drive, it is impossible to preview it. I get the error “Files without extensions cannot be previewed. Download to view this file”. Could you please help me? Also, and this is more of a question: is there a way

    • Launch Blueprint or Workflow Automation via Zoho Dataprep Import

      Greetings All, I'm curious - Is it possible to trigger a Blueprint or Workflow via Data Prep import? Thanks in Advance

    • Cross module filtering is now supported in CRM

      Editions: All DCs: All Release plan: This enhancement is being released in phases. It is now available in AU, JP, and CN DCs. Help resource: Advanced filters While the feature is being released in phases, you can also request for Early Access. Early Access

    • Posibility to add Emoticons on the Email Subject of Templates

      Hi I´ve tried to add Emoticons on the Subject line of Email templates, the emoticon image does show up before saving the template or if I add the Emoticon while sending an Individual email and placing it manually on the subject line. Emoticons also show

    • Status properties

      Hello, I created a new status called "Hold", but I want Zoho to recognize that when a project is on "Hold" the tasks will not appear as open and the deadlines will not show as delinquent. Basically, freezing the project until it's ready to start up again.

    • Bulk Delete Customer Contacts.

      Due to a config issue on my end (my fault), I have ALL contacts from CRM imported as contacts in Books. Some clients have 30+ contacts. Is there a funky way to bulk delete? Each contact has three clicks and a scroll to delete them.

    • Multiple domains for same username and password

      I've come across this situation the vault is currently suggessting the passwords autofill option by the domain. wondering whether is there any option to save one password for multiple domains since the microsoft login has two domains https://login.microsoftonline.com/

    • Introducing Bot Filtering for Accurate Email Campaign Analytics

      Dear Marketers, We're excited to announce a new feature designed to enhance the accuracy of your email campaign analytics: bot filtering. This feature helps you filter out bot-generated opens and clicks, ensuring your campaign reports reflect genuine

    • Option to specify or disable "Idle" times in preferences

      It seems strange to me that my Cliq shows me as "Idle" when I'm using the PC and available just because I haven't interacted with Cliq in a while.  I'm far from "Idle" so we're just treating "Idle" and "Available" to mean the same thing.  I'd like to suggest a setting to change the timeout or even disable the automatic "Idle" mode.

    • Lockable Due Dates

      Hello, is there a way to FIX due date of task or task list, so that they cannot be moved by linked task that are late? Like having a sort of "limit date" that would create an alert if not reached?

    • in zoho books while categorizing need to add new name in category by replacing expanses how to edit or make changes need assistance

    • Function #61: Automatically add free item to the invoice based on item quantity

      Hello everyone, and welcome back to another Custom Function Friday! During holiday seasons or special promotions, businesses offer deals like BOGO (Buy One, Get One), Buy 3 Get 1 Free, Buy 2 at 50% off, and much more to attract customers. These promotions

    • Regarding GST Report Issue in Zoho Books

      Hi, Right now, the very important point from my end is this Zoho Books issue. Here, you can see that we have created the invoice with the items of account sales and expenses. The journal is also correct. The profit and Loss statement is also correct.

    • Multiple Salesperson against an invoice

      Hello, Against a particular invoice, we have multiple sales people working. The reason we combine the invoice is becuase we are an exporter and often consolidate cargo for our customer to save them freight costs. How do I capture the contribution of each

    • Projectwise budget ---

      Can we have a Project wise subject in addition to the Monthly, and quarterly ACCOUNT LEVEL budget?

    • Looking back at Zoho Social's 2024: Highlights and memories

      Hey everyone, We hope you had a relaxing and joyous holiday season. Whether you're planning for the new year or still soaking in the magic of the season, we're here to share some exciting highlights from 2024 – a year that was fully packed with updates

    • Building a Zoho Extension for Webex CC - Handling URL Changes

      Hi everyone, I’m building a Zoho extension for Webex Contact Center (Webex CC) and facing an issue with handling URL changes. In telephony, I’ve set the URL of Webex CC to: https://desktop.wxcc-us1.cisco.com/ When this URL remains the same, everything

    • Remove County field from Customer Address input screen (or allow input to be deleted)

      We are in the USA and have just noticed that there is now a County field in the Customer Address input screen (and maybe other areas of Zoho Books, but this is the one affecting us at the moment). County is not important to our business, and in fact we

    • Zoho still running very slow

      I have a lead log for my company and creator seems to be running extremely slow still.

    • Bigin API Token Request ("invalid_client")

      Hi people, I tried to connect to the API without success, I've read all of the documentation multiple time and tried just about everything. I tried to do it with Python Request module and with Postman, passing the information through both the URL parameter

    • Shared Dashboard / Report Permissions : Read not Write

      hi all, We are missing a huge fonctionnalite in setting up Dashboards (and reports) on corporate level.  Currently, we can not set Read Permissions on share Dashboards (and reports) without giving write access as well When we create a corporate dashboard

    • Profile stitching with Zoho Marketing Automation

      When it comes to marketing, knowing who your audience is and tracking their interactions is vital. That's why Zoho Marketing Automation has taken a significant leap forward with its enhanced profile stitching feature. With this update, you can track your

    • GDPR

      Hi , I'm checking out the HIPPA capabilities and at the moment I can see only three modules that can be selected to enable HIPPA Any idea how I can add additional modules such as customers? TNX David

    • default task list for new project

      Is there any way to have a default task list already created in a project, when the project is created in Zoho Books?

    • Record less quantity than ordered in ZOHO inventory

      Lets say I ordered 100 widgets from a Vendor. I have paid the Vendor month ago and just waiting for the product to ship. I have finally received the products but have only received 80 widgets. I see no way in ZOHO to only receive 80 widgets. ZOHO is forcing

    • Stripe payments via Books invoice link missing email - affects fraud detection

      Hi, All our payments done via Books invoice link have a warning: Integration improvement available This transaction is missing customer email address, which affects fraud detection. Why doesn't Books pass this info to zohosecurepay.eu/books/... for more

    • Power of Automation: Automatically sync custom field data between two tasks.

      Hello Everyone, A Custom Function is a user-written set of code to achieve a specific requirement. Set the required conditions needed as to when to trigger using the Workflow rules (be it Tasks / Project) and associate the custom function to it. Requirement:-

    • 'View Invoice' button hyperlink taking to Google Business Maps listing

      The green "view invoice" button in my invoice emails is sending people to my Google maps business listing rather than the invoice. Both my clients and I are experiencing this as a new issue.

    • Migrating Zoho emails to Google Workspace

      Hi Is there a tool to migrate Zoho email to Google workspace?

    • Custom Functions - Calculate Commission - failure after migration from US to EU

      Hello, i would ask for help. My Custom Function - Calculate Commission stopped working and shows a failure. Mismatch of data type expression. Expected List but found String What is the problem? Could anyone help? Here is script: void automation.ObliczProwizje(Int

    • GoCardless Mandate Sync Question

      Hello, When syncing our customer database with GoCardless, some customers aren't working despite both email addresses matching in Zoho Books and GoCardless. Also what do we do about customers where they are associated with multiple accounts as these aren't

    • Create a draft in reply to an email via Emails API

      Hi, I’d like to use the outgoing webhook to automatically create a draft reply to incoming mail. How can I use the Emails API to create a draft reply that is linked to an existing email thread? I couldn’t find the relevant method in the documentation.

    • Weekly Tips: Flags for an organized mailbox

      Wishing you all a Happy New Year 🎉 As we step into 2025, it's time to refocus and set our intentions for the year straight. Whether you're already back at work or just returning from the holidays, you probably have emails that need your immediate attention,

    • Edit line item amount

      It would be sooooo much better to be able to edit the line item amount in all of the modules, if there is any variation in agreed prices it's extremely painful to calculate the rate to match ;-( The rate could be auto calculated on editing this field making life so much easier !

    • Chanel Partner

      Any Zoho channel partner or dubai based company who will help us for getting zoho services including the training for our staff

    • Refer a Friend Campaign

      I am looking to run a referral campaign that sees an initial email going to existing clients, asking them to refer a friend. For each new client referred, the existing client will get a ticket in a prize draw - the more new clients they refer, the more tickets they get in the draw.  I am wanting to figure out how this could be done via Zoho, and how these referrals can be tracked and linked to the existing client who referred them.

    • Next Page