Recently a vulnerability in Magento was discovered that allows attackers to gain unauthorized access to your webshop. This unfortunately also means attackers can thereby access all information in your webshop including your customer database and the backoffice.
On monday the 16th of March, CloudVPS will change the opening hours for its telephone service desk. Starting on the 16th you can reach us for telephonic support every working day from half past eight in the morning till six in the evening.
Yesterday a vulnerability in glibc was disclosed, one which requires an update. The vulnerability allows attackers to run arbitrary code on affected servers and thereby gaining access to these systems. In more technical terms the vulnerability consists of a buffer overflow issue, which can be abused via a remote arbitrary code exploit.
Over the last two months we've upgraded both the software and hardware of the CloudVPS Object Store.
The CloudVPS Object Store is growing with milions of objects a week. Growth has increased exponentially since the introduction of our popular Backup to Object Store product. This meant that we had to increase the hardware quicker than expected. Over the last two months we increased the capacity of the object store by 400%. The rebalancing of objects resulting from this unfortunately decreased performance for a couple of weeks.
The Dutch Internet Service Provider IT-Ernity has acquired all the shares of CloudVPS.
With this acquisition CloudVPS will become part of a group that will support our continued growth and enable new initiatives. IT-Ernity gains the leading Dutch public cloud and Europe’s first public OpenStack platform.
Over the last few days there has been some concern regarding an announced but not yet published vulnerability in Xen. Some large parties announced urgent maintenance, a security advisory was announced but placed under embargo and several technical news outlets speculated on the severity and impact of this leak.
The embargo was lifted today and the vulnerabilty was published.
As you may already have read late yesterday a large vulnerability called 'Shellshock' was found in bash, a software package used on virtually every Linux, Unix and Mac OSX server. Bash is most known as a shell interpreter which allows logged-in users to execute commands.
Apart from this bash is used extensively in a number of different ways such as shell scripts, supporting language for packages like CUPS and DHCP clients and in some cases as the language of choice for CGI scripts.
The vulnerability presented yesterday allows attackers to manipulate environment variables which are then treated as commands and executed by bash. This also means that all systems using bash are in theory vulnerable, the extent however to which they are vulnerable is determined by the way bash is used.
As of today, we have made it possible to secure access to the CloudVPS Interface and the Skyline interface for our OpenStack services using Two Factor Authentication (TFA).
Security experts explain TFA as: "There are 3 independent authentication factors: What you know (password), what you have (hardware token, mobile phone) and who you are (fingerprint). Two Factor Authentication means the system is using two of these factors for authentication.
Especially after the heartbleed bug in OpenSSL, TFA is increasingly demanded by serious internet users: "If an single authentication factor is being compromised, a second factor should be necessary for gain access to a system. Using a password often is not good enough.".
On the 19th of May we have launched our OpenStack Compute platform. Over the summer hundreds of customers have put the platform into use running more than a thousand servers at the moment.
The initial prices and packages were determined on a very conservative basis. Now we are getting an increasing amount of information regarding the actual performance of the platform it turns out to be so high that we can start using somewhat less conservative assumptions. This means our cost prices reduces and we can pass that advantage on to our customers. We implemented a CPU upgrade last month. This time we want to adjust our virtual server packages (Flavors) and the pricing of Volumes (extra harddisks) in favor of our customers.
CloudVPS launches a long expected new piece of software, CloudVPS BOSS, or Backup to Object Store Script. This program allows you to backup Linux servers to our highly redundant and cheap CloudVPS Object Store, instead of to our backupservers.