The other day I was browsing the web looking for some specific information on PHP security. I came across a great site (which I cannot name for the reasons below), containing just the information I was looking for. I was about to leave the office for the day and wanted to download the PDF version of the document to my phone to read on the way home — yes, I know that’s sad! I clicked on the PDF link. You know what happened next? To my surprise, I saw the following:
Putting user friendliness to one side, the site revealed vital information about key components on the web server: the error page disclosed the exact versions of the software in use. It amused me that a website focussing on security would have a security vulnerability, and an easy one to resolve at that. A hacker coming across the site could look up the documented vulnerabilities in these components and launch an attack. I have tried emailing the website owners alerting them to my discovery, but all my emails are bouncing. I’m assuming that this is not an elaborate scam – I guess I’ll know soon if I have been fooled!
Back to Apache. If your server is reporting its version number (in the Server response header and in the footer of its error pages), then you can resolve the problem very easily by adding the following to your httpd.conf file:
After you save the changes, restart your Apache server and wave goodbye to this vulnerability.
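As an added example (not part of the original post), here is the configuration fragment that suppresses version disclosure in Apache, together with a small offline check that classifies a captured Server header as leaking or not. The sample header lines are constructed for illustration, and the conf file path mentioned in the comments is an assumption that depends on your distribution's layout. Note that hiding the version is cosmetic hardening only: the software is still exactly as vulnerable as before, so patching remains the real fix.

```shell
#!/bin/sh
# Added example: Apache version-disclosure hardening plus an offline header check.
# Not code from the original post; paths and sample headers are constructed.

# Fragment to add to httpd.conf (or, on Debian-style layouts, conf-available/security.conf).
# ServerTokens Prod  -> the Server header becomes just "Apache" (no version, OS or modules).
# ServerSignature Off -> removes the version footer from server-generated error pages.
# ServerTokens is server-wide; it cannot be set per virtual host.
hardened_conf() {
  cat <<'EOF'
ServerTokens Prod
ServerSignature Off
EOF
}

# Return 0 (true) if a single Server header line still reveals a version number
# or a parenthesised OS/module list; return 1 if it is the minimal "Server: Apache".
server_header_leaks() {
  line="$1"
  case "$line" in
    Server:*/[0-9]*) return 0 ;;   # e.g. "Apache/2.2.22" or "PHP/5.3.10"
    Server:*\(*)     return 0 ;;   # e.g. "(Ubuntu)"
    *)               return 1 ;;
  esac
}

# Constructed sample headers (not captured from any real site).
LEAKY_HEADER='Server: Apache/2.2.22 (Ubuntu) PHP/5.3.10'
HARDENED_HEADER='Server: Apache'

main() {
  echo "Add to httpd.conf, then restart Apache:"
  hardened_conf
  echo
  for h in "$LEAKY_HEADER" "$HARDENED_HEADER"; do
    if server_header_leaks "$h"; then
      echo "LEAKS: $h"
    else
      echo "OK   : $h"
    fi
  done
}

main "$@"
```

After restarting, you can confirm the change against your own server with `curl -sI http://your-host/` (an assumed hostname) and feed the Server line into `server_header_leaks`; an error page such as a deliberately requested missing URL should no longer carry the version footer either.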
Hornbill’s cloud instances are secured and do not experience the vulnerability described above.
Today our service was impacted by a network problem that occurred within our Portsmouth, UK data centre. The problem occurred at 10:48 BST and lasted for approximately 6 minutes, during which time there was up to 80% packet loss within the data centre network. The network team reported that the problem was caused by a spanning tree event that occurred during “routine trunking” but was quickly resolved.
We expect a full post-mortem report on the event within 72 hours and of course will act immediately should there be any lessons learned.
We apologise for any inconvenience this may have caused our customers.
On Tuesday 13 March 2012 we received an advisory from Microsoft regarding a vulnerability in Remote Desktop Protocol (RDP), alerting us to a bug that allows a remote hacker to execute code on a system without any intervention on the part of the user. As some of our servers are Windows based, we pounced on this notification and took immediate steps to close the vulnerability. We confirmed that the patch provided by Microsoft had no impact on our staging servers, so it was good to go. We scheduled our systems to deploy the patch that very same day, notifying our customers of our intent.
We patched all affected servers on three continents within 24 hours of being alerted to the vulnerability. Some providers, not mentioning any names, took a little longer to respond. I couldn’t believe it when I found out that a provider had scheduled their patch deployment for Saturday, 5 days after the patch was made available by Microsoft.
I can’t speak for other providers, but here at Hornbill we take security very seriously and will respond as rapidly as possible to close vulnerabilities.
We’ll see if we can beat 24 hours next time!! 🙂
For more information on the specific vulnerability, see: