A recently announced vulnerability in OpenSSL (the open source software that encrypts the traffic to and from the majority of websites around the world) exposes a wide range of critical data to potential attackers. To quote from heartbleed.com:
“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”
The vast majority of Xecunet servers were not at risk, as they are using a version of OpenSSL that is not vulnerable to this attack. The servers handling our customer websites were all patched on the evening of Monday, April 7th (the day this vulnerability was announced, and thus the first day patches were available). We have no reason to suspect that in the interim any customer SSL keys were compromised, as the attack is somewhat sophisticated, and with an estimated half-million sites vulnerable around the world, many of which are very high profile, the hackers with the skill sets required to execute this attack are more likely interested in going after high value targets such as financial institutions.
If you’re responsible for maintaining a server and aren’t sure if you’re vulnerable, contact us at email@example.com; we’d be happy to work with you to assess your situation with regard to the Heartbleed bug.
Andy Dills
Senior Network Engineer
Xecunet, LLC
David joins the Xecunet team with a long, successful, and proven performance record of managing people and processes, developing client relationships, and delivering value to those that he has had the pleasure to serve.
Prior to joining Xecunet, David recently served as an Account Executive wherein he was responsible for market reach expansion, maintaining and growing the existing customer base, development of new customers, cultivating current and expanding new vendor relationships, and participation with internal engineering resources in project development and customer solutions, many of which were robustly designed and built for dynamic load-balancing, redundancy, and failover. David worked with an array of component products and services in the course of meeting customer objectives. Some of these included Microsoft Server Operating Systems (including Active Directory), Microsoft Exchange, large-scale data storage systems (SAN and NAS), Server Virtualization including VMware vSphere and Microsoft Hyper-V, Desktop Virtualization (Citrix), VoIP phone systems, Cisco Router and Switch network infrastructures, Firewall technologies, and Point-to-Point Wireless, T1, DSL, VPN, and Fiber Internet technologies.
David formerly attended The Ohio State University and spent several years in logistics, distribution, and production management and consulting.
In his “spare time”, David enjoys ocean kayaking, playing Flag Football in the CFFFL, physical fitness, playing his Stratocaster and harmonica, flying small aircraft, and hanging out with his rescue dog, Emily.
David can be reached via e-mail at firstname.lastname@example.org or 301-682-9972 x250.
It’s hard to believe that another year is upon us. In the past few months Xecunet has added additional redundant power and UPS to our Frederick, Maryland facility, as well as additional rack space. In the first quarter of the new year we will:
- Roll out the IPv6 protocol to customers in 2013!
- Announce a new VPS cloud offering!
- Announce a new online portal for asset and user management!
- Roll out a new iPhone/Android App for our co-location customers
- Biometric Hand-Geometry readers
We look forward to sharing in-depth information regarding these announcements in the coming weeks!