Login

Subscribe

 
SEARCH

RSS Feed
Latest Updates
Apr
10
BlackSun update: HeartBleed Explained
Posted by Blacksun Steve on 10 April 2014 11:01 AM

April 9 2014 (Saskatoon, Sk).  BlackSun Inc, a Canadian web hosting company, has responded to recent internet news items relating to the "HeartBleed" bug.   BlackSun confirms that its systems are patched, and offers a revised explanation of an openSSL vulnerability that exists on millions of public internet systems.

 

Experts recently discovered a major flaw in OpenSSL,  including banks, e-mail and social media services — that has the potential for a hacker to exposes users’ names and passwords, the content of their communications, and their data.  Millions of sites that are hosted by corporations, and most major web hosting companies are at risk.   Major internet players, including Facebook, Google, and Twitter had confirmed they were at risk and have taken measures to patch and protect their clients.

 

BlackSun would also like to confirm that the vulnerability lies with the OpenSSL software and not with any certificates purchased from BlackSun,  or BlackSun CA keys. BlackSun is not aware of any real-world exploits of this flaw at this point in time. 

 

 

Source:  in part from Gail Sullivan, Washington Post, revised by BlackSun.ca

 

Here are some more critical questions and answers.

 

Q:  Are the systems at BlackSun.ca patched and secure from the Heartbleed flaw?

A:  Yes, BlackSun has several layers of security in place to protect against this flaw.  There have been some servers that required an OpenSSL patch which has been in place since April 8th, 2014.

Q: What is SSL?.

A: It stands for Secure Socket Layer. It is the technology for establishing an encrypted link between a Web server and a browser. This link ensures that all data passed between the Web server and browsers remain private. “Open” SSL simply means that the code is freely available.


Q: Is there a fix?

A: Yes. It’s being distributed and implemented for download, but the bug has been around since 2011.

Q: Should you change your passwords?

A: Don’t rush to change your password at your current host until they -confirm- a fix.  BlackSun users are regularily reminded to change passwords every three months as part of their ongoing best practices security plan.

Q: How can I check to see if my website is at risk!?

 You can use the tool at http://filippo.io/Heartbleed/

to see if a Web site is vulnerable. If it is, don’t log in until the company confirms it has updated its SSL software and changed its security certificates. After that, you can change your password.

 

OpenSSL has released version 1.0.1g to fix the bug.

Q: What specific versions are affected?

A:  OpenSSL versions affected:


1.0.1 through to 1.0.1f (inclusive).
 
Q: What versions are not affected?


1.0.1g
1.0.0 (entire branch)
0.9.8 (entire branch)
The release of OpenSSL 1.0.1g on the 7th April 2014 fixes the bug.

Q: How did this happen?

A: “The vulnerability was introduced in 2011, apparently by accident when the open source code was updated, but the error was only spotted recently. That has raised fears that some attackers may already have been exploiting it to steal information,” the Guardian reported.

Q: What exactly is the problem?

A: It is “a weakness in one feature of the [OpenSSL] software — the so called ‘heartbeat’ extension, which allows services to keep a secure connection open over an extended period of time — allows hackers to read and capture data that is stored in the memory of the system,” Gigaom explains.

Having said that, this allows the hacker the possibility of gaining access to bits and pieces of the server over time.

 

 
Sources: DigiCert, Comodo.Graphic: Tobey - The Washington Post.

Sources: BlackSun.ca, DigiCert, Comodo.Graphic: Tobey – The Washington Post.



Read more »



Jan
23
BlackSun adds "Trendy" Sitebuilder Tools to its Webhosting Suite
Posted by Blacksun Steve on 23 January 2014 04:24 PM

February 6 2014 (Saskatoon) -  BlackSun Inc, a Canadian web hosting company, has announced it is now offering a no charge easy-to-use sitebuilder tool on all of its web hosting packages.   The new announcement featuring software from "TrendyTools", is now available to all BlackSun customers on the cPanel web hosting platform.  The TrendyTool sitebuilder software is offered in addition to BlackSun's easy to use file and content management suite of software that it has already been offering for many years.

"Unlike other sitebuilder hosting companies, this tool allows BlackSun's customers to maintain control of their web hosting, email, and domain name services without giving up ownership of their website to a third party," says Steve Rogoschewsky, CEO of BlackSun Inc.  "The TrendyTool sitebuilder not only allows our customers to keep all of their data safely hosted in our Canadian Data Centers, it also allows our customers to maintain a high quality of service.   We are excited to be able to add even more value to our feature rich webhosting plans at BlackSun."

The TrendyTool Sitebuilder offers an easy to use builder for any small or large business.  In addition, there are several industry specific categories that allow for additional customization. It also automatically formats each site for mobile use, and comes equipped with appointment and event schedulers, image galleries, and ecommerce tools for online store management.

Other sitebuilder companies typically charge as much as $30 per month for these extra features.   BlackSun is planning on keeping the sitebuilder tools as part of its suite of free software that is included on its cPanel based hosting plans.

BlackSun's new sitebuilder tools can be found on its http://demo.blacksun.ca  site, or directly at

http://blacksun.ca/trendy-tool-kit-for-cPanel/all-sitebuilders/all-website-builder.html

 


Read more »