LogMeIn Security Update

This one surprised me today.

LogMeIn sending me an email, that was already a surprised since I do not recall creating an account there, but the most surprising was the text in the email saying "download this certificate". Any semi-knowledgeable person would know that certificates are on servers and just work. You do not specifically download them.

Also, as a server administrator, if it were truely a fix for Heartbleed, man! That company was S.L.O.W.

The two URIs in the email would say one thing and be something completely different. Both would send you to a hacked WordPress website:

Return-Path: <gardenia46@righthemisphere.com>
X-Original-To: alexis@m2osw.com
Delivered-To: alexis@m2osw.com
Received: from halk.m2osw.com (halk.m2osw.com [])
    by mail.m2osw.com (Postfix) with ESMTP id BCBEDCE03A5
    for <alexis@m2osw.com>; Tue, 28 Oct 2014 07:09:12 -0700 (PDT)
Received: by halk.m2osw.com (Postfix)
    id 856AE4C0265; Tue, 28 Oct 2014 07:08:24 -0700 (PDT)
Delivered-To: alexis@halk.m2osw.com
Received: from 89-97-225-56.ip19.fastwebnet.it (89-97-225-56.ip19.fastwebnet.it [])
    by halk.m2osw.com (Postfix) with ESMTP id F21954C025B
    for <contact@halk.m2osw.com>; Tue, 28 Oct 2014 07:08:21 -0700 (PDT)
Message-ID: <0KI2D4OB.1688695@righthemisphere.com>
Date: Tue, 28 Oct 2014 15:14:08 +0100
From: "LogMeIn.com" <auto-mailer@logmein.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: <contact@halk.m2osw.com>
Subject: October 28, 2014 LogMeIn Security Update
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit




Dear client,

We are pleased to announce that LogMeIn has released a new security certificate.

It contains new features:

  • The certificate will be attached to the computer of the account holder, which will prevent any fraud activity
  • This SSL security certificate patches the "Heartbleed" bug discovered earlier this year

Download the attached certificate here https://secure.logmein.com/update/cert_client.php. Update will be automatically installed by starting it.

As always, your Logmein Support Team is happy to assist with any questions you may have.

Feel free to contact us by visiting https://secure.logmein.com/contactus/