OpenSSL “Heartbleed” vulnerability in POPcon

A security vulnerability in the OpenSSL libraries was recently discovered and widely reported on. Since our products POPcon, POPcon PRO and POPcon NOTES also use OpenSSL for connections to SSL-encrypted POP3 and IMAP servers these products could be attacked too through the vulnerability called “Heartbleed”.
The risk is comparatively low actually because POPcon works as an SSL client so it can only be attacked by the servers it connects to actively. POPcon is not open to attacks by random systems, only the provider POP3 servers you connect it to could run a Heartbleed attack.

We incorporated the latest OpenSSL library fix into our products POPcon, POPcon PRO and POPcon NOTES and published the new version 3.84 on our website.

Our other products are not affected – they don’t use the OpenSSL libraries.

If you are running an older version of POPcon with POP3-SSL or IMAP-SSL connections to your email servers or plan to use SSL in the future you should upgrade (free of charge) to the new version. Your license code and all configuration settings includeing all accounts, usernames and passwords will automatically be imported in the new version. In most cases you will be able to “over-” install the new version directly but in some cases the InstallShield might not allow that because “there already is a version installed”. In that case you can just uninstall the old version (through the Windows control panel) and then install the new version. Still all configuration settings, license, accounts and so on will stay in the registry when uninstalling and will automatically be imported in the new version.

You can download the new version here: