Looking out for suspicious links in Kerika

We had some incidents recently where hackers stole the Microsoft credentials of some folks in Europe and North America (there’s been a lot of that lately), and then used these stolen credentials to sign up as Kerika users.

Once they signed up, they created Whiteboards that were made to look like they included official links from Microsoft to download documents.  Here’s what one of them looked like (we have obscured some information):

 

The link in the image shown above led to a phishing site where people might inadvertently enter their Microsoft credentials in order to read this document, which would have looked like it came from a Kerika board that was owned by a trusted colleague.

To make this more convincing, they used a very old feature of Kerika’s Whiteboards that’s called VIEW AS WEBPAGE:

 

This feature was originally built to help nonprofits and open-source teams share their work with people who weren’t Kerika users: the Board Admin could create an ordinary Web page that contained everything that was on the Whiteboard.  This page was then sent to the contacts of the person whose credentials were stolen.

To deal with this, we have made some important security updates throughout the Kerika app, on the desktop and on mobile devices:

  • Whenever you add a link to any task (card), chat, board, or canvas in Kerika, we will check if that link is known to be suspicious or malicious.
    If so, you will be warned, and Kerika’s security team will be informed immediately. Your account will then be monitored to see if this behaviour continues.
  • Whenever you click on any link anywhere inside the Kerika app, we will check again if that link is known to be suspicious or malicious, and will warn you if that’s the case.
    Please take this warning seriously!

We have disabled the VIEW AS WEBPAGE feature for Whiteboards while we evaluate the results of these security improvements.  Once we feel confident we have dealt with this situation we will consider re-enabling that feature. (Let us know if this feature is important to you.)

We are using the Google Web Risk service to help screen URLs entered by our users.  Google has been dealing with malicious websites since they started, and we think they have some great resources that we can leverage to improve security for our own users.
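The two checkpoints described above (when a link is added, and again when it is clicked) can be sketched as follows. This is an added example, not Kerika's code: the `LinkScreener` class, its method names and the in-memory `listed` set standing in for the URL reputation service are all hypothetical, and the hostnames are constructed.

```python
from urllib.parse import urlsplit, urlunsplit

def normalize(url):
    """Lower-case the host and drop the fragment so trivial variants still match."""
    p = urlsplit(url.strip())
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))

class LinkScreener:
    """Hypothetical screener; lookup_fn stands in for a URL reputation service."""

    def __init__(self, lookup_fn):
        self.lookup_fn = lookup_fn      # returns True if the URL is currently listed
        self.security_alerts = []       # (user, url) pairs reported to the security team
        self.watched_accounts = set()   # accounts monitored for repeat behaviour

    def on_add(self, user, url):
        """Check when a link is added to a card, chat, board or canvas."""
        url = normalize(url)
        if self.lookup_fn(url):
            self.security_alerts.append((user, url))
            self.watched_accounts.add(user)
            return "warn"
        return "ok"

    def on_click(self, url):
        """Check again at click time: the listing may have changed since the add."""
        return "warn" if self.lookup_fn(normalize(url)) else "ok"

def demo():
    # Constructed sample listing; .invalid and .example are reserved names.
    listed = {"https://docs-login.invalid/view"}
    s = LinkScreener(lambda u: u in listed)
    results = [
        s.on_add("alice", "HTTPS://Docs-Login.invalid/view#page2"),  # listed at add time
        s.on_add("bob", "https://files.example/report"),             # clean at add time
        s.on_click("https://files.example/report"),                  # still clean
    ]
    listed.add("https://files.example/report")  # the service lists it after it was added
    results.append(s.on_click("https://files.example/report"))       # caught on click
    return results, s.security_alerts, s.watched_accounts

if __name__ == "__main__":
    print(demo())
```

The last step is the reason for the second check: a link that passed screening when it was added can be listed later, and only the click-time lookup catches it.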


What’s in our latest release

A ton of bug fixes, most of them so obscure that no end-users ever spotted them, but since we track our error codes seriously we make sure we fix stuff that no one even knew needed fixing.  Some of the bug fixes are truly obscure; here are a few from our latest version that are easier to explain:

  • There were some problems related to how our iOS app was updating that were a result of Apple deciding not to support Progressive Web Apps anymore.  (Thanks for nothing, Apple.)
  • When a person renamed a file attached to a task or board, the file was appearing as having unread updates (orange highlight) to the user who made the change.
  • For our Kerika+Microsoft users, we needed to make sure the correct OneDrive icons were appearing where files were attached to tasks and boards.
  • Also for our Kerika+Microsoft users: OneDrive files are better supported for users of our Whiteboards feature.
  • When a text field could potentially be auto-filled using the browser’s saved values, if a user selected a saved value it wasn’t displaying properly.  (Thanks to a breaking change in one of Chrome’s many, many updates — seriously, why are they releasing new versions every week?)
  • Dates shown for non-English users will now appear in the locally selected languages.
  • If a user opened a task on the mobile apps that had been found by doing a search, editing the task’s title was showing HTML characters.
  • Handling situations better where two people were making changes to the same task at the same time: users are warned if someone else has made changes that would get overwritten if they saved their own changes.
  • Improvements in the new user experience: this is, frankly speaking, a never-ending quest for us!
  • Fixed a situation where a new user who didn’t complete their signup returned later to Kerika: the language selection that’s the first thing that a new user does wasn’t working properly.
  • We made it easier for people to stop getting their 6AM task summary emails; we really should have done this a long time ago.
  • Fixed a long-existing bug that finally surfaced that omitted some tasks from the 6AM emails.

 

For 4 quarters in a row, Kerika has been identified as a Leader in Task Management by SourceForge

Kerika + Twine: a great partnership for freelancers everywhere

We are thrilled to announce a partnership with Twine, a global expert network that major companies are using to outsource all kinds of work:

  • Designers
  • Animators
  • Musicians
  • Filmmakers
  • Photographers
  • Marketers
  • Developers
  • Illustrators

Twine has over 500,000 registered members already, and is growing fast — and we are thrilled to be partnering with them to help Twine’s freelancers and clients get more done using our Task Boards.

Twine’s users are exactly the kind of folks that Kerika was designed for: creative people, developers, freelancers and businesses that need to come together quickly to execute on a project.  In an environment that’s that fast-moving, having access to a task management tool that’s designed specially for remote and distributed teams, with a design that’s simple enough for anyone to get going with, is essential.

And that’s where Kerika can help Twine’s community.

As part of this partnership we will develop custom templates that can help Twine projects get going faster.  And that’s just a starting point: we hope, over the coming months, to deepen this relationship!

A naming change for Done and Trash

We are making a change to the names of the Done and Trash columns on Task Boards, to make it easier for new users to understand what these columns represent.

The Done column will become Completed and the Trash column will become Deleted.

Looking at the demographics of our new users, we found that over 80% had never used any kind of boards before, and we think the new names will be easier for them to understand.

This is just a naming change; there’s no difference in functionality.

We would like to know a little about you

We are asking new users two simple questions, at the time of sign up:

Questions at Sign Up

These two questions, which take just a few seconds to answer, will help us create a more custom onboarding experience for new users. This is still a work-in-progress, of course, and in the first step we are just collecting some data while we get the rest built.  There are a bunch of customization ideas we are exploring. Stay tuned.

This is Us

Our team has had much to celebrate over the past few months, as we achieve milestone after milestone.  This is the India-based development team of Kerika:

Kerika’s India-based development team