RSS Feed
Latest Updates
BlackSun Announces removal of mod_frontpage from Apache offering
Posted by Blacksun Steve on 17 April 2014 04:30 PM

April 17 2014 (Saskatoon, Sk).  BlackSun Inc, a Canadian web hosting company, has announced the removal for support of the FrontPage Server extensions from its web hosting offering.    The Microsoft Office Frontage program is a discontinued WYSISYG website administration tool.   BlackSun was running the extensions software that allowed Microsoft Frontpage users to publish websites and take advantage of certain features within the program.  The effective date for the end of life of FrontPage Server Extensions for UNIX was posted by Microsoft as June 30 2006.  BlackSun has been offering free technical support for Frontpage since early 2000.  

This announcement corresponds with cPanel's recent announcement of its removal of mod_frontpage from the latest version of EasyApache.  As a result cPanel will no longer be supporting FrontPage in future releases.  

The official BlackSun removal of the FrontPage product will be April 30th 2014.    Existing FrontPage users can still manage their website with the built in FTP features of that product.  BlackSun offers hundreds of other site management tools through Softaculous on all of its hosting plans.  In addition to the many free site building tools that exist online, BlackSun has also recently launched its easy to use web site builder program through its "Trendy Tools" product line.

Any users that have questions surrounding this news item can email support@blacksun.ca


Read more »

BlackSun update: HeartBleed Explained
Posted by Blacksun Steve on 10 April 2014 11:01 AM

April 9 2014 (Saskatoon, Sk).  BlackSun Inc, a Canadian web hosting company, has responded to recent internet news items relating to the "HeartBleed" bug.   BlackSun confirms that its systems are patched, and offers a revised explanation of an openSSL vulnerability that exists on millions of public internet systems.


Experts recently discovered a major flaw in OpenSSL,  including banks, e-mail and social media services — that has the potential for a hacker to exposes users’ names and passwords, the content of their communications, and their data.  Millions of sites that are hosted by corporations, and most major web hosting companies are at risk.   Major internet players, including Facebook, Google, and Twitter had confirmed they were at risk and have taken measures to patch and protect their clients.


BlackSun would also like to confirm that the vulnerability lies with the OpenSSL software and not with any certificates purchased from BlackSun,  or BlackSun CA keys. BlackSun is not aware of any real-world exploits of this flaw at this point in time. 



Source:  in part from Gail Sullivan, Washington Post, revised by BlackSun.ca


Here are some more critical questions and answers.


Q:  Are the systems at BlackSun.ca patched and secure from the Heartbleed flaw?

A:  Yes, BlackSun has several layers of security in place to protect against this flaw.  There have been some servers that required an OpenSSL patch which has been in place since April 8th, 2014.

Q: What is SSL?.

A: It stands for Secure Socket Layer. It is the technology for establishing an encrypted link between a Web server and a browser. This link ensures that all data passed between the Web server and browsers remain private. “Open” SSL simply means that the code is freely available.

Q: Is there a fix?

A: Yes. It’s being distributed and implemented for download, but the bug has been around since 2011.

Q: Should you change your passwords?

A: Don’t rush to change your password at your current host until they -confirm- a fix.  BlackSun users are regularily reminded to change passwords every three months as part of their ongoing best practices security plan.

Q: How can I check to see if my website is at risk!?

 You can use the tool at http://filippo.io/Heartbleed/

to see if a Web site is vulnerable. If it is, don’t log in until the company confirms it has updated its SSL software and changed its security certificates. After that, you can change your password.


OpenSSL has released version 1.0.1g to fix the bug.

Q: What specific versions are affected?

A:  OpenSSL versions affected:

1.0.1 through to 1.0.1f (inclusive).
Q: What versions are not affected?

1.0.0 (entire branch)
0.9.8 (entire branch)
The release of OpenSSL 1.0.1g on the 7th April 2014 fixes the bug.

Q: How did this happen?

A: “The vulnerability was introduced in 2011, apparently by accident when the open source code was updated, but the error was only spotted recently. That has raised fears that some attackers may already have been exploiting it to steal information,” the Guardian reported.

Q: What exactly is the problem?

A: It is “a weakness in one feature of the [OpenSSL] software — the so called ‘heartbeat’ extension, which allows services to keep a secure connection open over an extended period of time — allows hackers to read and capture data that is stored in the memory of the system,” Gigaom explains.

Having said that, this allows the hacker the possibility of gaining access to bits and pieces of the server over time.


Sources: DigiCert, Comodo.Graphic: Tobey - The Washington Post.

Sources: BlackSun.ca, DigiCert, Comodo.Graphic: Tobey – The Washington Post.

Read more »