Critical security bug gets South Africa sites and hosts scrambling for a fix

blunt

Expert Member
Joined
May 1, 2006
Messages
2,440
Really quick patch; don't know why the likes of Afrihost and Axxess haven't updated by now.
 

AfriGuy

Afrihost
Staff member
Company Rep
Joined
Jun 12, 2013
Messages
13,768
Hi all

Just want to follow up on this, I can confirm our team have implemented the relevant fixes from our end - we are no longer vulnerable on this :)
 

MagicDude4Eva

Banned
Joined
Apr 2, 2008
Messages
6,479
Also remember it takes quite some time to recycle SSL certificates. In our case it took more than 8 hours to recycle the EV certs due to the verification process and time difference.


 

AfriGuy

Afrihost
Staff member
Company Rep
Joined
Jun 12, 2013
Messages
13,768
> Also remember it takes quite some time to recycle SSL certificates. In our case it took more than 8 hours to recycle the EV certs due to the verification process and time difference.

Indeed it does! Our team rotated DNS addresses too, we've been working this since yesterday morning - the coffee has been flowing :)
This really is important to us, and our clients' info and security is a top priority! Everything should be 100% with our servers.
 

MagicDude4Eva

Banned
Joined
Apr 2, 2008
Messages
6,479
I always thought that open-source projects go through a number of peer reviews and code-coverage checks. Certainly does not sound good and I am sure a number of additional checks will be established in future. It is certainly scary to see how many vendor notifications we received with infrastructure being affected (some of which I would not even have thought of).

@Afriguy - what was the purpose of rotating DNS addresses (switching out vulnerable IPs with patched ones?)?
 

AfriMan

Afrihost Representative
Company Rep
Joined
May 24, 2012
Messages
16,731
> I always thought that open-source projects go through a number of peer reviews and code-coverage checks. Certainly does not sound good and I am sure a number of additional checks will be established in future. It is certainly scary to see how many vendor notifications we received with infrastructure being affected (some of which I would not even have thought of).
>
> @Afriguy - what was the purpose of rotating DNS addresses (switching out vulnerable IPs with patched ones?)?

I understand that this is now a topical issue, but it's not always best to discuss security solutions in public forums. We're satisfied that we've addressed the issues - I see MyBB have also updated their article :)
 

lsheed_cn

Expert Member
Joined
Sep 14, 2008
Messages
2,875
I beg to differ, you have not addressed the issues.

You need to be telling all your clients to change their passwords, or in fact forcing a password change for all your users, as you can assume a good chunk of them are compromised. It's as simple as that.
 