Netmonic Company Blog

A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates.

Basically this means that all SSL-Keys need to be regenerated.

We have already updated all our internal systems and virtual machine images, so all virtual machines built after today are already patched.

For older virtual machines, you have to regenerate the SSH-Keys.

For Debian and Ubuntu machines do the following:

Debian:
aptitude update
aptitude upgrade && aptitude dist-upgrade

Ubuntu 7.10 & 8.04:
aptitude update
aptitude safe-upgrade && aptitude full-upgrade

This will download fixed packages and regenerate the SSH Keys for you.

Because we generate all SSH-Keys on Debian bases systems, even for other distributions, you’ll have to update your SSH-Keys on Fedora, CentOS and ArchLinux as well. On these distributions it’s enough to delete the SSH Keys and then restart the SSH daemon:

rm /etc/ssh/ssh_host_[rd]sa_key
/etc/init.d/ssh restart

 

For further information, please have a look at the following security advisories:

http://www.debian.org/security/2008/dsa-1571

http://www.ubuntu.com/usn/usn-612-1

http://www.ubuntu.com/usn/usn-612-2

http://www.ubuntu.com/usn/usn-612-3

 

Also:

http://ubuntu-tutorials.com/2008/05/13/openssh-openssh-vulnerabilities-confirm-fix-instructions/

http://wiki.debian.org/SSLkeys

 

To get closer to our target architecture we need a fast, highly available and scalable SAN storage.

And therefore we bought a EMC DMX 2000 with 42terrabytes :-) 

After integrating this into our infrastructure, high available xen vms can be offered. Your XEN VM has no longer a dependency to a single server, it is now independent and can be moved in a running state.

Some facts:
42 terrabytes
288 * 146GB HD
32GB Cache
8 Fiber directors
 

See you guys to check this out (available in 8 weeks)

As of today, you can now set the reverse DNS records for your virtual machines.

---

Wir haben heute ein neues Feature online geschalten und zwar kann man ab sofort die Reverse DNS Einträge für virtuelle Maschinen setzen.

Tonight we added a third DNS server, ns3.netmonic.com to our infrastructure. The server is located in the USA and provides added redundancy for your domains.

---

Wir haben heute Nacht einen dritten DNS Server, ns3.netmonic.com, zu unserer Infrastruktur hinzugefügt. Der Server steht in der USA und bietet dadurch erhöhte Ausfallsicherheit für Ihre Domains.

Tonight at about 10 pm CEST we are going to update our DNS backend. You can now host DNS Zones from domains not registered with Netmonic on our DNS servers. This is a free service for all existing and new customers.

We expect the maintenance to take about 30 minutes. During this time the netmonic website might be occasionally unavailable.

---

Heute nacht gegen 10 Uhr CEST führen wir ein Update unseres DNS Backends durch. Bestehende und neue Kunden können zukünftig gratis DNS Zonen für Domains die sie nicht bei Netmonic registriert haben auf unseren DNS Server hosten.Das Update wird ca. 30 Minuten dauern. Während dieser Zeit ist womöglich die Webseite zeitweise nicht erreichbar.

This morning we had a problem with our antivirus mail scanner, this had the effect that received emails stayed in the mail queue instead of being delivered to your inbox.

We now have temporarily  disabled antivirus checking for all mail accounts until the issue is resolved.
There was no loss of data and emails should be delivered to your inbox again.

Update: Problem solved, the antivirus is active again.

Here is a little teaser of an experimental mobile version of our website. The clever ones will figure out the URLs in no time, but be aware that those interfaces are not polished nor anywhere near feature completeness.

 

 

Rails is the web framework Netmonic is using for developing our public portal and internal management sites. Today the Rails community released Rails 2.0 (and 2.0.1 a bugfix release).

It’s not announced on the internet yet, but you can find the 2.0.1 release tag right here: http://dev.rubyonrails.org/svn/rails/tags/rel_2-0-1/.

Our production website was already running a Rails trunk version during the last few weeks, so switching to Rails 2.0 was a matter of minutes and worked flawlessly.

A big thank you to the Rails community for their great work. Rails 2.0 really brings some nice changes for developer enjoyment . You can read more about them in the original Rails 2.0 Preview announcement: http://weblog.rubyonrails.org/2007/9/30/rails-2-0-0-preview-release. And even more on Ryan’s blog: http://ryandaigle.com/articles/2007/12/7/rails-2-0-final-released-summary-of-features.

PS: In the future, posts in the Development category will be posted in English, other categories posts in both, English and German.

Heute Nacht ging eine neue Version des Netmonic Webmails online.

Die neue Version behebt einige Probleme mit weniger verbreiteteren Browsern.
Außerdem haben wir das Webmail von unseren Webservern auf zwei extra Server umgesiedelt. Das bedeutet für den Extremfall, dass unsere Webserver nicht erreichbar sind, Sie trotzdem unter https://mail.netmonic.com/ weiterhin Mails lesen und verschicken können.

Falls die neue Version mit Ihrem Browser Probleme verursacht stehen Ihnen unter https://old.netmonic.com/webmail und https://old.netmonic.com/webmail2 die bisherigen Versionen zur Verfügung.

Aufgrund einer Datenbankwartung kam es heute Nacht zu einem Fehler, wodurch die Web Statistiken nicht aktualisiert wurden. Ab morgen (9.11.2007) sind die Statistiken wieder am aktuellen Stand.