Heartbleed bug in OpenSSL made public

Posted by Nick Powell in News on April 8, 2014

*******

UPDATE 10th April 2014

We are aiming to have all managed and shared customers secured by the end of business today. We have seen issues with LiteSpeed needing a separate fix; this is now resolved.

*******

Administrators should patch a severe flaw in a software library used by millions of websites to encrypt sensitive communications.


The flaw, called “Heartbleed,” is contained in several versions of OpenSSL, a cryptographic library that implements SSL and TLS encryption. Most websites use either SSL or TLS.


The flaw, which was introduced in December 2011, has been fixed in OpenSSL 1.0.1g, which was released on Monday.

The vulnerable versions of OpenSSL are 1.0.1 through 1.0.1f; the OpenSSL 1.0.0 branch and 0.9.8 are the two exceptions and are not vulnerable, according to a special website set up by researchers who found the problem.

If exploited, the flaw could allow attackers to monitor all information passed between a user and a Web service or even decrypt past traffic they’ve collected.

“This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users,” the researchers wrote.

The bug was discovered by three researchers from Codenomicon, a computer security company, and Neel Mehta, who works on security for Google.

Operating systems that may have a vulnerable version of OpenSSL include Debian Wheezy, Ubuntu 12.04.4 LTS, CentOS 6.5, Fedora 18, OpenBSD 5.3, FreeBSD 8.4, NetBSD 5.0.2 and OpenSUSE 12.2, they wrote.

OpenSSL also underpins two of the most widely used Web servers, Apache and nginx. The code library is also used to protect email servers, chat servers, virtual private networks and other networking appliances, they wrote.

The problem, CVE-2014-0160, is a missing bounds check in the handling of the TLS heartbeat extension, which can then be used to view 64K of memory on a connected server, according to another advisory.
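The missing check, shown as an added example (not OpenSSL's code and not part of the original post): a minimal C parser for a heartbeat request in the RFC 6520 layout that discards any message whose claimed payload length exceeds the bytes actually received. The function name `hb_extract_payload` and the sample records are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request message type (RFC 6520) */
#define HB_HEADER   3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD 16   /* padding is at least 16 bytes (RFC 6520) */

/* Constructed sample records, not captured traffic. */
static const uint8_t hb_ok[23] = { 0x01, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static const uint8_t hb_overclaim[19] = { 0x01, 0x40, 0x00 }; /* claims 16384 */

/* Hypothetical helper: copies the payload to be echoed into out and returns
 * its length, or -1 if the message must be silently discarded. */
int hb_extract_payload(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap)
{
    /* Record too short for header plus minimum padding. */
    if (rec_len < HB_HEADER + HB_MIN_PAD)
        return -1;
    if (rec[0] != HB_REQUEST)
        return -1;

    /* Peer-supplied 16-bit length: up to 65535, hence the "64K" figure. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The bounds check: header, claimed payload and padding must all fit
     * inside the bytes actually received. Without it, the copy below would
     * read past the record into adjacent memory. */
    if (claimed > rec_len - HB_HEADER - HB_MIN_PAD)
        return -1;
    if (claimed > out_cap)
        return -1;

    memcpy(out, rec + HB_HEADER, claimed);
    return (int)claimed;
}

int main(void)
{
    uint8_t out[64];
    printf("well-formed:  %d\n", hb_extract_payload(hb_ok, sizeof hb_ok, out, sizeof out));
    printf("over-claimed: %d\n", hb_extract_payload(hb_overclaim, sizeof hb_overclaim, out, sizeof out));
    return 0;
}
```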

It allows attackers to obtain the private keys used to encrypt traffic. With those keys, it is also possible for attackers to decrypt traffic they’ve collected in the past.

Attacks using the flaw “leaves no traces of anything abnormal happening to the logs.”

Also see http://heartbleed.com/

Simple Servers administrators are actively applying this patch on shared and managed servers as a priority.

New R1 Backup Server

Posted by Nick Powell in From The NOC on April 4, 2014

Our newest R1soft backup server went live this week, with an impressive 18TB drive array. This marks the latest step in our commitment to customers' data. All backup servers are now running the 18TB RAID ten arrays and we have seen a great improvement in disk IO and backup time. We added 2 SSD drives in RAID 1 for the ultimate system IO; it's our fastest backup server yet!

We now have a total of 90TB R1 Soft backup space available for customer use!

Backup is key to our customers and our 3 tier backup is second to none in the industry, with 2 Cpanel backups running nightly and R1soft (Idera) running nightly also.

We have had our fair share of issues with the R1 platform but a lot of the recent issues seem to have been ironed out in the latest release, our big investment in all new backup arrays has also helped.

Images of the latest build:

First new rack install of 2014

Posted by Nick in From The NOC on February 24, 2014

After another record year for growth we have kicked off 2014 with another new rack install here at Simple! As always we have diverse power and network to this 1Gb rack.  This will be a home to dedicated and shared customers.

Magento Community Edition 1.8.1.0 Release

Posted by Nick in Magento Hosting on December 19, 2013

The latest Magento 1.8.1 release includes many contributions from the Magento developer community and empowers merchants to operate their online stores more easily and efficiently by delivering significant tax calculation updates, functional improvements, and security enhancements, including:

Tax Calculation Updates

Building on tax improvements made in our most recent release, Magento Community Edition 1.8.1.0 provides more accurate and consistent Value Added Tax (VAT) and Fixed Product Tax (FPT) calculations for the Magento admin, invoices, and credit memos. It also improves tax calculations for cross-border transactions, bundled products, and multi-tax scenarios, as well as supports the Waste Electrical and Electronic Equipment recycling tax in the EU.

Functional Improvements

Magento Community Edition 1.8.1.0 includes important improvements across the shopping cart, checkout, content management system, and product import and export.

Security Enhancements

Magento Community Edition 1.8.1.0 delivers several important security enhancements, helping to further strengthen the platform against potential threats. These enhancements were identified through a rigorous process that included comprehensive internal testing, quarterly penetration testing by expert consultants, and engagement with the Magento developer community. Additionally, one improvement from Magento Community Edition 1.8.0.0 is now available for download for earlier Magento Community Edition releases.

How to Upgrade

You may be eager to start testing out Magento Community Edition 1.8.1.0. But, before you do, please take a few minutes to carefully review the upgrade instructions. We strongly recommend that you do not upgrade Magento Community Edition 1.8.1.0 in the same directory on the same server as your current deployment to avoid any post-upgrade errors. PLEASE DO NOT USE THE AUTO UPGRADE TOOL FROM YOUR APP POOL; THIS MAY BREAK YOUR SITE.

How to install

This latest version is already available in our app pool for easy installation.

Christmas comes early…

Posted by Nick in News on December 17, 2013

We had lots of new shiny boxes arrive this week from Mr Dell. Much to the horror of the Simple install team who were hoping for a rest over the festive period!

This is shaping up to be a very busy holiday period with server installs scheduled right into the 23rd December. We always see a big bandwidth spike in November-December but this year has been something else with several of our ports going over 100MBS this month, good job all of our ports are 1000mbs ;)


Now Available SSL Improvements for cPanel & WHM

Posted by Nick in News on December 5, 2013

cPanel & WHM 11.38+ has seen a number of new SSL improvements in the form of usability changes, SNI support, and support for multi-domain certificates. All of Simple Servers servers have been upgraded to support this feature. Detailed below are some of the major improvements you can now experience when using cPanel with your Simple Servers hosting account.

Enhanced Error Checking

A number of niceties have been added to the user interface to make the process of installing a certificate more straightforward and much more foolproof. In the event that there’s an issue with the certificate, cPanel & WHM will deny the installation to prevent the certificate from being installed on the server. Additionally, it will let the user know that there is an issue that needs to be resolved in order for the installation to result in a working certificate.

Server Name Indication (SNI)

Currently, it’s common for each SSL Certificate to require its own dedicated IP address. The cost of this address is typically passed down to the end user. SNI is able to change this paradigm by indicating what hostname the client is connecting to at the start of the handshake process. This allows a server to have multiple certificates all installed on the same IP address. Users on shared servers that support SNI will be able to install their own certificates and bypass the need for a dedicated address. While this saves on the cost of the dedicated IP address, this also helps reduce the need for extra addresses.

Multi-Domain Certificates (UCC/SAN)

As an alternative to SNI we have also taken steps to improve our support for multi-domain certificates. These allow users to add multiple domain names to a single certificate, and multi-domain certificates can be installed onto shared IP addresses. Within both cPanel & WHM, users can quickly create self-signed, multi-domain certificates and can additionally generate signing requests that they can then take to their SSL provider to have their permanent certificate created.

GlobalSign OneClickSSL

A new feature in our cPanel area for Simple Servers customers. Simply enter your OneClickSSL voucher number and let the plug-in do the rest – You will have an SSL Certificate installed and active on the site in seconds.

New Customer Area

Posted by Nick in News on October 28, 2013

Our web team have been burning the midnight oil to produce a new admin area for our customers.

We hope this makes things easier, it certainly looks better!

Please let us know if you encounter any bugs though.


Magento Community Edition 1.8 is Now Available

Posted by Nick in News on September 26, 2013

We have installed our first stable version of Magento 1.8 this morning; here are the release notes from the Magento site.

We will be running more performance tests in the next few weeks.

Magento 1.8 is already available to our customers via our auto installer.

Magento Community Edition 1.8

This new edition improves tax calculations, boosts product quality and stability, enhances performance, and advances security for the rapidly growing Magento community.

Key highlights include:
Enhanced Tax Calculations
Magento Community Edition 1.8 improves tax calculation accuracy for VAT merchants and eliminates potential rounding errors that can be confusing to buyers. Knowledge Base updates also provide more guidance on tax configurations and Canadian tax requirements, enabling you to more fully benefit from the native Magento tax engine.

Functional Improvements
We made approximately 350 functional improvements that boost product quality in key areas, including the web store, shopping cart, admin order creation, import and export functionality, web API components, and payment methods.

Performance Improvements
Magento Community Edition 1.8 enables a better shopping experience through faster page-loading in the checkout process and optimized cache adapters for single server systems, which minimize the number of cached pages that must be refreshed when product updates are made. The performance of the 1.8 administrator panel is also improved for those of you with large product or order databases.

Security Enhancements
Through a number of enhancements, we also strengthened the security of Magento Community Edition. A full list of enhancements is available in the magento release notes.

Updates to the Alpha Release
A few new updates were made to the alpha version of Magento Community Edition 1.8. We removed the requirement to have globally unique category and product URL keys, giving you greater flexibility in your URL structures. We also incorporated the recent USPS API patch, DHL code updates, and the latest Redis backend cache code, now called Cm_Cache_Backend_Redis. We have also included Cm_RedisSession, a Redis session storage module.

Samsung 840 EVO 750GB Review

Posted by Nick in News on September 18, 2013

The Samsung 840 EVO 750GB is a tour de force in solid-state technology, combining for the first time vast capacity by SSD standards, with super fast performance, and at an approachable price.

The Samsung EVO spearheads a second generation of solid-state drives to use the more affordable TLC flash chips. It allows an increase in capacity and reduction in price. And a surprise when it comes to performance.
Samsung is still accelerating the development of flash memory, now introducing its second generation of TLC solid-state storage before any other brand has even shown its first.

Three-layer cell (TLC) NAND flash can be a useful compromise to increase storage capacities and lower costs. But the 3-bit version of multi-layer cell (MLC) flash has an intrinsically slower write speed and shorter overall lifespan.
For better performance and longevity, there’s still Samsung’s 840 Pro Series with its more familiar two-layer MLC technology. But we found that in performance terms at least, the Samsung EVO can hold its head up high against the 840 Pro; and with it, all current leading SATA 6Gb/s solid-state drives.

The use of TLC flash has here allowed a long-awaited extension in storage capacities. As well as the familiar sizes of 120, 250 and 500GB, Samsung has added 750GB and 1TB sized drives.

The latter becomes the first truly terabyte SSD, since Crucial’s competing flagship M500 series includes additional built-in over-provisioning that brings the available space on its largest SSD to just below the terabyte mark, at 960GB.

Recommended prices for the Samsung 840 EVO Series SSDs start at £86.99 for 120GB, then £148.99 for 250GB, £289.99 for 500GB, £415.99 for 750GB and £509.99 for 1TB.

Samsung 840 EVO 750GB: Super fast

The buffer size is relatively large, so that with most daily operations it should not be readily depleted. But if it is, it simply puts write operations back to regular TLC speeds. For reference, the original 840 Series with its unaided TLC flash had sequential write speeds of around 250 MB/s.

Since this dedicated part of the drive only works in SLC mode, Samsung assures us it will have better endurance than short-lived TLC – around 100 times longer life.
The two smallest drives each get 3 GB of TurboWrite Buffer, while the 500, 750 and 1000 GB capacity versions get 6, 9 and 12 GB respectively of fast-write buffer.

Samsung 840 EVO 750GB: Other changes

Besides some clever data juggling used to bolster write speed, several other changes have been noted for the Samsung 840 EVO when compared to the original 840 Series.
The controller is now designated MEX rather than MDX, still based on a three-core ARM processor and with clock speed increased from 300 to 400 MHz. This is said to assist in management of the larger capacities, as well as deal with the shift to a new 19nm NAND process.

We also understand that the controller now has more housekeeping automation hard-coded into it, rather than being programmed and run by firmware.
The controller is backed by more DRAM cache for the largest drives, taking 256 MB cache for the smallest 120 GB capacity, 512 MB again for the 250 and 500GB models; and now featuring 1 GB of LPDDR2 memory for the 750 GB and 1 TB capacity SSDs.
Idle power consumption is said to be reduced, while temperature sensing deliberately slows the drive down when it gets too hot under load. Dynamic Thermal Guard looks like a similar technology to the adaptive thermal monitoring used in Crucial’s latest M500 series SSDs.

Samsung 840 EVO 750GB: Performance

When we first tested the Samsung 840 EVO, we were almost downcast to find comparable performance to the previous-generation Samsung 840 Pro. But we were not immediately aware of the technology inside, based on TLC flash like the cheaper 840 Series; not 2-bit MLC like the 840 Pro Series. Things were looking interesting again.

Looking at the other extreme, of very small files, we found that 4 kB random reads had just about doubled in number, from 22 to 41 MB/s with the 840 EVO.
That’s with a single queue, a good indicator for real-world performance still, as your PC spends a lot of time working randomly with many one-off small files, not just large sequential transfers or even multi-threaded small random read/writes.
Increasing queue depth to QD=32, the 840 EVO also approached its Pro-labelled mentor. Random 4 kB reads now hit 405 MB/s and writes were 367 MB/s. Which means the 840 EVO is now officially in the 100,000 IOPS league with its 104k IOPS read result.

Litter Louts

Posted by Nick in From The NOC on September 17, 2013

(litter lout) litterer: a person who litters public places with refuse.

As ever the team have been busy adding new servers into our latest rack, we do seem to create rather a mess though!

As always we made good in the end though.

 

2014 © SimpleServers Ltd | Vat No. 974629277 | Company No. 06813119 Terms and Conditions
