Scheduled Security Maintenance - 16/Oct/2014

Update 2, 16/Oct/2014, 11:58pm: The maintenance has been completed ahead of schedule and with minimal disruption!

Update, 15/Oct/2014, 6:55pm: I just got back from an unexpected afternoon in the ER—I’m fine, just a minor lunch accident—and so am pushing this back to tomorrow night, 16/Oct/2014, at 11:45pm.

A security vulnerability named POODLE (link is to the technical security blog post describing it) was announced yesterday.

There is no evidence that this exploit has been used against TodaysMeet, where the issue is low-impact, due to the limited scope of what can be accomplished or stolen with it.

From what I’ve been able to determine, TodaysMeet users on supported browsers are at risk and so I am scheduling a maintenance period for 11:45pm to midnight, Eastern, tonight, 15 October 2014.

Follow along on status.todaysmeet.com. Updates will also be posted to Twitter, and this blog post will be updated when the maintenance work is complete.

As the necessary changes are very small, I am also taking the opportunity to perform some periodic security housekeeping procedures.

Users on supported browsers should only notice any hiccups if they are signed in, and will need to sign in again. Otherwise, there should be no noticeable interruption in service.

Users on unsupported browsers (specifically Internet Explorer 6 (IE6)) on Windows XP will no longer be able to access TodaysMeet.

As this issue is extremely widespread, and involves a fallback, 15-year-old protocol, users of IE6 on Windows XP are strongly encouraged to upgrade to IE7 or 8, which will be able to connect to TodaysMeet and other modern web servers, with better protection.