Canadian Web Hosting Blog and News
25Sep/140

GNU Bash Critical Vulnerability

There is a serious critical vulnerability in all versions of GNU Bash (Bourne Again Shell). It allows a hacker to execute shell commands any time a BASH shell executes with environmental variables set by the attacker. This vulnerability, CVE-2014-6217 was patched by upstream providers on September 24. For details, refer to https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/.

If you are running Linux operating system under VPS, cloud or dedicated server environment, you can patch the system by logging into shell:

yum clean all
yum update bash -y

Then run

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you receive the following response then the system is patched:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

However, this was a partially implemented patch.

CVE-2014-7169 is the second vulnerability for GNU Bash. This second CVE covers attack vectors that were not fixed in the initial updates for CVE-2014-6217. Targeting CVE-2014-7169 is more complicated for an attacker. The authors of GNU Bash are currently working on updates to address CVE-2014-7169. This article from Red Hat has additional details about this flaw: https://access.redhat.com/articles/1200223

NOTE: This does not affect Windows environments, only Linux. Customers hosted on shared servers are already patched since September 24.

Here's a detailed explanation with video from Symantec.

UPDATE: September 25, 10:48PM PST

Red Hat and Debian released a patch to address CVE-2014-7169. This resolves the incomplete patch for CVE-2014-6271 (''ShellShock'' aka ''Bash Bug'').

https://rhn.redhat.com/errata/RHSA-2014-1306.html

http://lists.centos.org/pipermail/centos-announce/2014-September/020594.html

http://lists.centos.org/pipermail/centos-announce/2014-September/020593.html

http://lists.centos.org/pipermail/centos-announce/2014-September/020592.html

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762760#56

https://launchpad.net/ubuntu/+source/bash

Red Hat/CentOS

yum update bash -y

Ubuntu/Debian

sudo apt-get update && sudo apt-get install --only-upgrade bash

Run this command to confirm Bash is patched for CVE-2014-7169

env X='() { (a)=>\' sh -c "echo date"; cat echo

If the above command outputs the current date (it may also show errors), you are still vulnerable.



Kevin Liang
CTO / SEO Guru
Canadian Web Hosting

Filed under: Web Hosting No Comments
19Sep/140

Canadian Web Hosting goes volunteering!

Canadian Web Hosting visited Union Gospel Mission on Tuesday. Some of our staff spent the morning doing some hands on volunteering in their kitchen.

Matt C., Kings W. and Sheila W. working hard to prepare lunch for residents and staff.

Union Gospel Mission is an urban relief organization with locations spread throughout Metro Vancouver. The organization aims to overcome poverty, homelessness, and addiction. The facility we visited is located in Downtown Eastside, an area that is noted for high level poverty, drug use, sex trade, crime and violence. Senior Development Officer Nicole Robson took us on a tour of the building and explained that there are many people who live and die within those eight city blocks of Downtown Eastside and never have the opportunity to leave the area their whole life. UGM’s aim is to help this group of individuals overcome their situation by providing them with basic needs of food and shelter, and then provide assistance and education to help alleviate their poverty and addictions.

Our donations and support to UGM helps provide for men, women, and children alike. Services include outreach, emergency shelter, alcohol and drug recovery programs, affordable housing, and much more.

We had an amazing experience working alongside the friendly staff and we look forward to visiting again in the following months.

 

Sheila W.

@CAWebHosting
@CWHUpdates

 

 

16Sep/140

Canadian Web Hosting and AURO attends OpenStack SV 2014


AURO's Regional Sales Director Chloe Tottem with CEO and Founder of Cloudscaling Randy Bias

OpenStack is a free and open-source software cloud computing platform that began as a joint project between NASA and Rackspace. It is currently managed by OpenStack Foundation and more than 200 companies have joined the project, including AMD, Cisco, Dell, IBM, Intel, Mirantis, Oracle, VMware, and Yahoo!.

In April this year, OpenStack Foundation launched its ninth milestone release – Icehouse. Its focus is on testing and stability, as well as compatibility with third-party hardware and software configurations. It now supports 16 international languages. Icehouse’s core element, “Trove”, was promoted alongside other new programs that will be providing users with more options to plug into their cloud. These include OpenStack Bare Metal (Ironic), OpenStack Messaging (Marconi), and OpenStack Data Processing (Sahara).

Canadian Web Hosting and AURO attended OpenStack Silicon Valley 2014 on Tuesday, September 16th. It featured influentials from the OpenStack community, including the likes of CEO and Founder of Cloudscaling Randy Bias, Executive Director of the OpenStack Foundation Jonathan Bryce, and Senior Technical Director at Mirantis Greg Elkinbard. It has been a big year for OpenStack, with new releases intending to make cloud services more user-friendly and simple to implement. Companies are also working on the OpenStack backend for compatibility with other cloud services.

Founded in 2014, AURO, a Canadian Web Hosting company, is powered by OpenStack and is Canada’s only Enterprise-grade Public Cloud service. It was created for users that could benefit from a highly scalable and agile environment for hosting needs. One single dashboard allows customers to create, control, and deploy cloud infrastructures and keep their data within Canada. It has the ability to rapidly provision and achieve repeatable results. Paired with a high level of security and easy integration with new technologies, AURO helps enterprises, businesses, ISPs, developers, and Telco’s to cost-effectively manage a multitude of web sites and applications in Canada’s first enterprise public cloud.

 

Sheila W.

@CAWebHosting
@CWHUpdates

12Sep/140

Need a web-hosting company? Some key factors to help you choose:

Most businesses have their own website now and it is essential that the web-hosting provider is secure so data and business isn’t lost through malicious hacking or downtime. But how do we choose a reliable web-hosting company? Here are some factors to consider:

1.  Customer support
If any issues arise, whether your site is down or data is missing, it is essential that your web-hosting provider is there to support you. Settle for nothing less than 24/7 customer support so that your issues can be resolved in a timely manner. Make sure you can get help anytime and wherever you are located.

2.  Reliability
Check out the web-hosting provider’s guarantee of uptime. You want a reliable service and your website to have maximum exposure to potential business. Where 100% server uptime does not exist (if a company guarantees that, it is false), there are definitely web-hosting providers that will meet expectations of 99.9% - 99.99999% guaranteed uptime. Also make sure they provide backup services or other options to secure your data.

3.  Guarantee
Just like when we shop for any other product, we want to have the freedom to return something we don’t like or doesn’t fit our needs. Look for web-hosting companies that offer at least a 30-day guarantee or pro-rated money back guarantee. This trial period will let you cancel your service early with less penalty.

4.  Options
Check out the web-hosting provider’s website. A solid company will offer you flexible plans and a variety of packages to suit your needs. Compare the prices and inquire about differences in rate. If you’re looking for a web-hosting plan to resell web space, make sure there are reseller plan options.

5.  Extra charges
Are there limitations in your plan, such as bandwidth? Providers will often charge extra when you exceed your plan restrictions and as a result, your site could go offline. Check and compare that these prices are reasonable and that the company will keep your site online when these charges are paid off.

6.  Discounts
Once you have narrowed down a few choices, chat with the sales representatives to inquire about discounts and special offers. Many providers will offer free software installers or domain names.

7.  Reputation
Finally, check reputability of a company. Instead of using forums or other unreliable sources, consider looking into accredited business directories with ratings, such as the Better Business Bureau.

 

Sheila W.

@CAWebHosting
@CWHUpdates

6Jun/140

Is Your House Smart?

Are the dishes done? Are your clothes spinning or rinsing? Have you made the weekly grocery list? Though the majority of us still need to physically check the dishwasher, the washing machine and the refrigerator to determine the phase of our household chores, many have made the switch to smart appliances. While smart appliances can and will relay to you the progress of its task, they have the capability to do so much more by utilizing cloud technology, truly altering the way we live at home.

Smart houses go beyond washers, dryers, and dishwashers, in fact, smart technology can be found in your home’s lighting, windows, doors and many other fixtures that can be installed into every room of your house. Acquired by Google for $3.2 Billion in early 2014, Nest presents a strong front when it comes to thermostatic technology in your home. This “must have” gadget of 2014 is changing the way we heat our homes, and saving us money along the way. After making your initial heating/cooling settings, Nest will learn and adapt to your preferences—with the help of cloud-based technology, keeping costs low, and saving energy. We live in a time where technology adapts to our preferences, learns our habits and continually changes to fit our needs. Dads around the world can rest easy knowing that no one touched the thermostat, it changed all by itself.

Though household appliances and gadgets are making the smart transition, the increasing number of apps required to manage them are beginning to take up space on our mobile devices. This opens the door for companies like Apple, who recently announced their arrival into the smart home revelation with HomeKit, and Google (who has yet to actually launch an app, but will most likely follow in Apple’s footsteps) to consolidate the information into one seamless application. In the not so distant future will we be able to control our entire house, from the front door to the back, from any mobile devise around the world. This concept may seem overwhelming but cloud-based technology allows us to access information from nearly any port around the world, eliminating the tether felt between us and our possessions.

If you’re the type of person who needs an app telling you when to drink water, how many calories you’ve burned, what to have for dinner…etc., then this is an investment you should consider. Making the transition to smart technology will not only save you time and money, but it also offers piece of mind to home owners concerned with the safety and security of their house and family. Additionally, many of these appliances and gadgets are environmentally friendly (for those who are actively trying to reduce their carbon footprint). Conversely, for those still yearning for a tech-free world, a basic fridge will suffice, and you can live happily knowing who controls the thermostat.

Kevin Liang
CTO / SEO Guru

Filed under: Uncategorized No Comments