Author: David Brockman

ClickTime’s BI&A Reporting Services Restored

On Friday, August 26th, 2022 at approximately 7:58pm PT our Operations Team was alerted that ClickTime’s Business Intelligence & Analytics, (BI&A) reporting services were unavailable. Service has been restored, (10:20pm PT) and testing indicates the system is fully functional and at no point was any data compromised.

The source of the outage was due to a vendor-reported power event. At this time, although BI&A has been restored, we have been alerted that we may see additional intermittent issues as our vendor continues to investigate on their side. At this time the ClickTime Operations Team is considering this issue resolved.

We apologize for any inconvenience you may have experienced. Please email support@clicktime.com if you have questions or additional issues of any nature. Thank you for your understanding.

The ClickTime Team

Business Intelligence & Analytics (BI&A) Reporting Services are Unavailable

At this moment, ClickTime’s Business Intelligence & Analytics (BI&A) reporting services are unavailable. We are working diligently to restore BI&A, but feel free to reach out to support@clicktime.com for additional information.

Updates

9:58pm PT update: We have identified the underlying issue with ClickTime’s Business Intelligence & Analytics (BI&A) reporting services and are currently working on a resolution. We appreciate your understanding and will continue to update you as we progress. Thank you for your patience.

ClickTime’s Response to Log4j Vulnerability

On Friday, December 10, 2021, the United States Cybersecurity and Infrastructure Security Agency issued an alert about a vulnerability in Apache’s Log4j logging framework (CVE-2021-44228).

Our security and development teams have reviewed all of our code and internal systems and confirmed that the ClickTime service isn’t vulnerable to Log4j. We are actively monitoring this industry issue and reviewing all of our vendors and third-party services to determine if any of them use the vulnerable component and need to be updated.

We take the protection of our customers’ data very seriously. Updates will be posted to this thread at https://system.clicktime.com as additional information becomes available.

Updates

12/13/2021 03:00pm PT update: Our operations team identified one internal system monitoring tool whose vendor acknowledged it needed to be updated due to the Log4j (also known as Log4Shell) vulnerability. This system isn’t accessible to the public and thus wasn’t directly at risk but we have completed the update successfully. We continue to investigate our software and our vendors for any issues or updates needed.

12/14/2021 04:30pm PT update: Our security and development teams have reviewed all of our code and internal systems and confirmed that the ClickTime service isn’t vulnerable to Log4j.

12/15/2021 10:05am PT update: We continue to review all vendors, third-party software and third-party services we engage with to ensure that they are verifying and updating their systems as needed.

Mobile App 1.4 Deprecated

If your ClickTime mobile app isn’t working and referred you to this system blog, you are probably using an old mobile app version (v1.4 or older) that is no longer supported. Please remove the old version of the mobile app from your mobile device.

You can download the new version of the ClickTime mobile app at the App Store for iOS devices or the Google Play store for Android devices.

ClickTime Scheduled Maintenance

The ClickTime system will be undergoing emergency maintenance on Sunday, January 10 at 12:00 noon Pacific Standard Time (GMT -08:00).

This maintenance window will last for three (3) hours, with service resuming at 3:00pm Pacific Standard Time (GMT -08:00). During this time, the ClickTime system will be periodically unavailable or respond more slowly than usual.

Explanation: As a result of network performance issues identified today, Saturday January 9, we are taking advantage of the weekend to accelerate equipment upgrades on our network which had been planned for February. The availability and security of the ClickTime system is our top priority. We sincerely apologize if this maintenance causes you any inconvenience.

As always, we welcome questions or concerns at support@clicktime.com or follow @clicktime on Twitter.

ClickTime Performance Issues – Jan 9, 2021

4:15 pm PST – Access to ClickTime is now restored. Some customers may experience a slight lag in response time while the network updates propagate.

3:00 pm PST – We are continuing to review network performance issues, and are currently in communication with our upstream providers. As soon as our tests are complete, we’ll be restoring access to a small number of customers as we work to resume normal service.

1:15 pm PST – We are in the process of replacing certain components of our network to resolve the issues identified earlier today.

12:15 pm PST – We are currently working to address performance issues upstream from our application.

10:15 am PST – We have temporarily redirected all site traffic to this ClickTime System Status page.

9:45 am PST – ClickTime is looking into general performance issues, which were identified at 9:15 AM PST, so some customers may experience difficulty accessing our site.

TLS 1.0 and 1.1 Not Supported as of September 15, 2020

As previously announced, we will no longer support TLS (Transport Layer Security) versions 1.0 and 1.1 starting on September 15, 2020.

All supported browsers and operating systems already support TLS 1.2 so this should not affect any individual person’s ability to access and use ClickTime’s web and mobile apps. It’s possible, however, that some integrations or third-party solutions that interact with ClickTime in an automated fashion using our REST API, SOAP API or Excel Linking features may have been built on outdated technology that doesn’t support modern security standards.

For more information regarding TLS please see the following:

Why are we deprecating TLS 1.0 and 1.1?

We are deprecating TLS 1.0 and 1.1 to ensure ClickTime supports our customers and partners with safe and secure communication protocols. The use of TLS 1.2 is a recommended security best practice that provides a higher degree of privacy and data integrity over previous versions and to maintain compliance with the latest industry standards.

What you should know?

Transport Layer Security (TLS) is a cryptographic protocol used to establish a secure communications channel between two systems. It is used to authenticate one or both systems and protect the confidentiality and integrity of information that passes between them. TLS 1.2 was published in 2008 to replace version 1.0 (published in 1999) and version 1.1 (published in 2006).

How can I track whether I’m impacted by this or not?

If your integration stops functioning after September 15, 2020, your integration or the system on which it’s running will need to get updated to maintain compliance with the latest industry standards.

What happens if my system doesn’t support TLS 1.2 and I don’t upgrade them?

If any of your integrations still require an older TLS version after these old versions are deprecated on September 15, 2020, those integrations won’t be able to connect to ClickTime.

If you have any additional questions, please contact ClickTime Support.

The ClickTime Team

TLS 1.0/1.1 Deprecation Test Starts Today

As previously announced we are beginning a 48-hour TLS deprecation test starting at 10am Pacific Time (4pm GMT) today, July 28th, 2020, and it will run through 10am (4pm GMT) on July 30th, 2020. During this time, we will stop supporting TLS (Transport Layer Security) versions 1.0 and 1.1. 

All supported browsers and operating systems already support TLS 1.2 so this should not affect any individual person’s ability to access and use ClickTime’s web and mobile apps. It’s possible, however, that some integrations or third-party solutions that interact with ClickTime in an automated fashion using our REST API, SOAP API or Excel Linking features may have been built on outdated technology that doesn’t support modern security standards.

Please test your ClickTime integrations during the 48-hour test window to ensure your software supports TLS 1.2.

For more information regarding TLS please see the following:

Why are we deprecating TLS 1.0 and 1.1?

We are deprecating TLS 1.0 and 1.1 to ensure ClickTime supports our customers and partners with safe and secure communication protocols. The use of TLS 1.2 is a recommended security best practice that provides a higher degree of privacy and data integrity over previous versions and to maintain compliance with the latest industry standards.

What you should know?

Transport Layer Security (TLS) is a cryptographic protocol used to establish a secure communications channel between two systems. It is used to authenticate one or both systems and protect the confidentiality and integrity of information that passes between them. TLS 1.2 was published in 2008 to replace version 1.0 (published in 1999) and version 1.1 (published in 2006).

How can I track whether I’m impacted by this or not?

We highly recommend using your integrations during the 48-hour test deprecation window. If the integrations work normally, then you’re ok. If your integration doesn’t work during the 48-hour test deprecation window, your integration or the system on which it’s running will need to get updated to maintain compliance with the latest industry standards and keep functioning after September 15, 2020.

What happens if my system doesn’t support TLS 1.2 and I don’t upgrade them?

If any of your integrations still require an older TLS version after these old versions are deprecated on September 15, 2020, those integrations won’t be able to connect to ClickTime.

If you have any additional questions, please contact ClickTime Support.

The ClickTime Team