Servers Down

The following servers did not come back up after the power outage and I will need to make a trip to the co-location facility to fix them:

scientific.eskimo.com – shell server

debian.eskimo.com – shell server

mx69.eskimo.com – used to provide mail service from misconfigured servers

ipspace.eskimo.com – advertises availability of 207.54.0.0/19

Java-Ssh Now SSL

The newest version of Java doesn’t like exceptions for self-signed applets served over the http protocol. It will allow you to run them but asks for confirmation each time.

I’ve changed the link for Java SSH on our home page to an https link in order to prevent Java from complaining.

Web / FTP / Mail Maintenance 4/12/2014 12:05-1:00AM

I will be taking the web/ftp and mail servers down just after midnight for about 20 minutes each, between about 12:05AM and 1AM, in order to make images with the new encryption certificates so that if it becomes necessary to restore a machine, we will do so with the current encryption certificates and not those tied to private keys that were potentially compromised by the HeartBleed OpenSSL bug.

HeartBleed

On Monday, information about a flaw in OpenSSL was released to the public. This flaw allowed an attacker to grab a random 64k segment of memory contents from a server vulnerable to it. With enough attempts, it is possible they could obtain the private key, rendering the encryption ineffective.

I became aware of this Tuesday evening thanks to notes from three of our customers and installed the necessary upgrades to OpenSSL to plug this hole.

However, because a small possibility existed that someone may have obtained the private keys in that period of time, I generated new private keys and CSRs and asked Comodo to re-issue new certificates, which they were willing to do at no charge.

These new encryption certificates were installed today.  If you use web mail or the web ssh client, there is a very remote possibility that your password information could have been obtained.

To change your password, ssh to eskimo.com (the old SunOS shell server), and from the command prompt (if you are using esh for a shell, use ‘!’ to get to the command prompt), type “passwd”. (Don’t type the quote marks.) It will prompt first for your existing password and then the new password twice.

Even though this exploit has only been known to the public since Monday, and we closed the hole Tuesday, it has existed in the code for approximately two years.  My concern is that NSA, KGB, and other such agencies probably have known about it and exploited it for several years.

The chances of a random hacker exploiting it successfully in the day it was open are much smaller, since not only would they have to execute the exploit repeatedly to get the private key, they would also have to be in a network position to intercept that encrypted traffic.
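
A check an administrator could run after a HeartBleed re-issue like the one described above, added here as an example and not part of the original post: it confirms that a re-issued certificate carries a different public key from the old one and matches the new private key on disk. The function names, file names and throwaway self-signed certificates are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: after a HeartBleed-style re-issue, confirm the new certificate
# is bound to a NEW key pair. All file names here are constructed.

# SHA-256 of the DER-encoded public key (SPKI); PEM public key on stdin.
spki_hash() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

cert_spki() {   # public-key fingerprint of a certificate file
    local pub
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    printf '%s\n' "$pub" | spki_hash
}

key_spki() {    # public-key fingerprint derived from a private key file
    local pub
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    printf '%s\n' "$pub" | spki_hash
}

# check_rekey OLD_CERT NEW_CERT NEW_KEY
# 0 = new key pair in use, 1 = key problem, 2 = unreadable input.
check_rekey() {
    local old new key
    old=$(cert_spki "$1") && new=$(cert_spki "$2") && key=$(key_spki "$3") || {
        echo "ERROR: could not read certificate or key"; return 2; }
    if [ "$old" = "$new" ]; then
        echo "FAIL: re-issued certificate reuses the old key pair"; return 1
    fi
    if [ "$new" != "$key" ]; then
        echo "FAIL: new certificate does not match the installed private key"; return 1
    fi
    echo "OK: new key pair in use ($new)"
}

# Constructed sample data: throwaway self-signed certificates in a temp dir.
make_samples() {
    local d subj="/CN=www.example.test"
    d=$(mktemp -d) || return 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$subj" \
        -keyout "$d/old.key" -out "$d/old.crt" 2>/dev/null || return 2
    # A "re-issue" that only re-signs the old key: what the check must catch.
    openssl req -x509 -new -key "$d/old.key" -days 1 -subj "$subj" \
        -out "$d/reused.crt" 2>/dev/null || return 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$subj" \
        -keyout "$d/new.key" -out "$d/new.crt" 2>/dev/null || return 2
    echo "$d"
}
```

Running the same check against any backup image or restore media shows whether it still holds a certificate tied to the old key.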