We are delighted to announce the launching of our newest service - webpage in-browser monitoring.
Check out the features and see if it's right for you:
Looking for an extra income? We’ve got an idea: why don’t you enroll in our affiliate program to start cashing in?
A significant Linux vulnerability that allows remote code execution to Linux server(s) was announced late yesterday, named GHOST: CVE-2015-023. Full details of the vulnerability are available at www.openwall.com/lists/oss-security/2015/01/27/9. While the issue has been fixed as early as Mar 21, 2013 it was not marked as a security threat and as a result the patch was not backported to most of the stable and long-term-support distributions like RHEL, Centos, Ubuntu 12.04 etc which left them vulnerable.
Updates for CentOS are already available in the Updates repository so a simple "yum update" will install the required patches to mitigate this vulnerability.
As you probably know, a number of news sources, corporations, and the OpenSSL team reported yesterday 14 October 2014 that version 3 of Secure Sockets Layer (SSLv3) is vulnerable at the protocol level. More information about the vulnerability can be found here - CVE-2014-3566.
To prevent any potential leaks from this vulnerability we have immediately disabled SSLv3 on all our web servers including the API endpoints. Our monitoring agents are not affected by this change and will continue to support SSLv3 for the time being in order to be able to monitor properly servers that do support SSLv3 only. We are urging all customers to disable SSLv3 on hosts interacting with the our services as soon as possible and upgrade to use Transport Layer Service (TLS).
Today (Jan 21, 2014) between 07:00 and 09:00 UTC mainland China was hit by a wave of network issues. A large number of both Chinese and international domains were reporting connection timeouts and were completely unaccessible. The cause for this was that for some reason a large number of domains were resolving to a single IP address - 18.104.22.168. The problem was reported as resolved in most places around 08:50. Due to the DNS caching infrastructure however a lot of users will still be affected until the cached bogus records expire. Users were suggested to use alternative DNS servers like Google's 22.214.171.124. We strongly recommend if you are using a DNS caching server in China to flush it as soon as possible to avoid DNS issues
The news sources in China first blamed it on a DNS poisoning of the root and the gTLD DNS servers. This however is not the case since the networks outside mainland China were not affected at all. Our investigation showed DNS responses from authoritative name servers coming with bogus data when queried from our servers in Beijing, Shangai and Guangzhou.
For example our first notice of the issue was when we requested the A record of static.bbci.co.uk. from ns1.thdow.bbc.co.uk (126.96.36.199), which is one of the authoritative DNS serves for bbc.co.uk, the response was
static.bbci.co.uk. 37621 IN A 188.8.131.52
instead of the correct record which is
static.bbci.co.uk. 900 IN CNAME static-bbci.bbc.net.uk.
This suggests that the response packet was modified in transit and the most likely culprit is the Golden Shield Project (also known as The Great Firewall of China). A possible reason for the misshap is that instead of blocking the 184.108.40.206 IP address all DNS queries were redirected to this IP. Ironically they actually succeeded blocking the IP by creating a massive DDOS attack from all Chinese users who were making connections to this address while trying to access different sites.
The offending IP 220.127.116.11 has an interesting story itself but I'll just put a few pointers
- It is owned by Sophidea, Inc. registered on the address 2710 Thomes Ave Suite 884, Cheyenne, WY, 82001, US. Reuters ran a special story about this address a few years ago (www.reuters.com/article/2011/06/28/us-usa-shell-companies-idUSTRE75R20Z20110628)
- While there is scant information regarding Sophidea, Inc I can see that they are providing hosting services to a large number of companies and the IPs from this range were frequently reported for spam
- Hosted on the same network range is ultrasurf.us which was created to provide means to bypass the China Firewall and provide anonymous Internet access. Ultrareach Corp - the company which owns UltraSurf is registered on the same postal address in Wyoming above. There was some discussion of the actual value of the services provided by UltraSurf (blog.torproject.org/blog/ultrasurf-definitive-review) but still their service might have something to do with the Chinese goverment wanting to restrict access to this netblock
Update Jan 22, 2014