NinerNet Communications™
Blog

Corporate Blog

SSL version 3 “POODLE” vulnerability

17 October 2014 05:21:12 +0000

The latest in a series of recent vulnerabilities discovered in software commonly used on servers hosting websites and email (among other services) has reared its head. “POODLE” (conveniently discovered by the clever rhymers at Google) is a catchy name for a vulnerability found in a two-decade-old cryptographic protocol used to encrypt network connections. SSL — the secure sockets layer protocol — has become a household word over the years, and those three letters are still now used by many to refer generically to secure connections, even though SSL version 3.0 (published in 1996) was superseded by TLS (transport layer security) version 1.0 fifteen years ago (in 1999).

All of this introductory information is not intended to trivialise the problem, of course, but to give some background and illustrate how it can take a long time for new standards to be adopted, and old ones to be abandoned. Often, old standards live on simply because “if it ain’t broke, don’t fix it” … and now (well, three days ago) we find that the last version of SSL — version 3.0 — is indeed “broke”.

As such we will be re-configuring all of our servers still configured to allow SSL 3.0 connections to use TLS exclusively. This will require reconfiguring and restarting web servers, FTP servers and various email services. While we anticipate the work on all servers taking about an hour, interruptions in service — if there are any — should be brief and last only a few seconds at a time as services are restarted.

Of particular interest — due to a couple of recent support requests related to our newer mail server on NC027 — is that Microsoft Outlook 2003 users will likely no longer be able to connect securely to the mail servers on NC018 and NC023 (the relay server), as Outlook 2003 does not have support for TLS. Apparently a 2004 “hotfix” available from Microsoft will add TLS support to Outlook 2003, but we cannot vouch for this personally, nor are we aware of any clients who have used this. It should be noted that Microsoft stopped supporting Outlook 2003 earlier this year. It is obsolete software.

It is of interest to me personally that my favourite email program of all time — Eudora — will weather this storm and continue to flourish, as it does support TLS. However, sadly, even Eudora will eventually succumb to the ravages of time and the march of technology. In fact, I strongly suspect it only supports TLS version 1.0, and I have noticed that Google actively discourages connections from old email clients such as Eudora, probably because they likely suggest using an email client that supports at least TLS version 1.1. The latest version of TLS is 1.2, already six years old itself.

So, we will be using our weekend maintenance window to perform this maintenance. However, instead of starting at the usual time, this maintenance will begin at 21:00 UTC on Saturday, 18 October and, as stated above, should take roughly one hour. Please consult our status blog for updates on this maintenance, and please contact support if you have any questions or concerns.

“Shellshock” software bug

26 September 2014 14:17:06 +0000

You may have heard in the media about the so-called Shellshock security issue that affects a software package present on most Internet servers worldwide called “bash”. All of our servers run bash; it is a very basic building block on almost all UNIX- and Linux-based servers, which run most services on the Internet that you access every day. Bash can be loosely compared to the “command line” available on Windows-based computers.

Upon checking, we determined that the version of bash running on all of our servers was vulnerable to exploits aimed at the bug. All were immediately patched, and are no longer vulnerable. We continue to monitor security bulletins from the vendors of the operating systems we use for possible further patches related to newly-discovered vulnerabilities, should they materialise.

NinerNet takes keeping our servers updated and secure seriously. If you have any questions about this in general or this bug in particular, please contact us. Thank-you.

OpenSSL “Heartbleed” bug

9 April 2014 20:36:32 +0000

You may have read or heard reports in the media about a software bug in a widely-used program called OpenSSL used to secure SSL connections with and between servers.

While our servers do use OpenSSL, we have checked all of our systems and none of them are vulnerable to this bug.

If you have any questions or concerns, please let us know by contacting support.

New phone number

15 January 2014 13:58:41 +0000

We have a new phone number for our Vancouver, Canada, office, which we have added to the contact page on our website, but which has actually been on our invoices for some time now.

The new phone number is 604 630 1772. For those of you in North America but outside of the Vancouver local calling area, you can also still reach us using our toll-free number: 1 855 NINERNET (1 855 646 3763).

Those of you outside of North America may also be able to reach us using the toll-free number depending on the services available to you through your phone company or VoIP provider. If you can’t use the toll-free number, please use the 604 number after dialling your country’s international access code and the country code for North America (1).

The above two phone numbers are our only North American phone numbers. Please discard any old North American numbers that you may still have on file, as they no longer work or will cease to work shortly.

We continue to provide most support via email, and we encourage you to continue to submit support requests via email or through the contact form on our website at the above link.

Thank-you.

Domain contact information MUST be valid

15 January 2014 11:38:43 +0000

ICANN (the Internet Corporation for Assigned Names and Numbers) — the organisation in charge of all generic top-level domains (e.g., dot-com, dot-net, dot-org, etc., and the upcoming new gTLDs) — has introduced new rules that came into effect on 1 January.

The rule most likely to affect you at some point is the requirement for a valid email address associated with your domain. People generally register a new domain with a working email address, but over time that address may stop working for one reason or another. ICANN have taken steps to ensure that such a situation is not perpetuated.

Effective 1 January, if one of our automated emails to a contact address for your domain bounces, we are required to send you a verification email asking you to click a link in the email to confirm that your address does actually work. Of course, you’ll only receive that email if your email address has started working again in the meantime. Unfortunately, if you do not receive and act on the instructions in the verification email, we will have no choice but to suspend your domain, which will automatically happen fifteen (15) days after the first verification email is sent. If your domain is suspended, any services (email, websites, etc.) that rely on it will stop working until you respond and update the email address in your domain account. This is an ICANN rule applicable to all registrars and domain registrants, and we are contractually obligated to comply with it.

You may receive the same verification email when you register a new domain, when you transfer an existing domain into your domain account with NinerNet from another domain registrar, or when you change the contact information for your domain.

Please take this opportunity to log into your domain account (if your domain is registered with us) to check the contact information we have on record for your domain(s). If the contact email address you see there no longer works, exists or is no longer controlled by you, please update it immediately. (You will then receive a verification email, and you must follow the instructions in that email to complete the change to your contact details.) If you have multiple domains, you can update all of them at the same time. If you need the log-in information for your domain account sent to you, please advise us of that. Please note that your domain account is different and separate from your hosting account, and needs to be maintained separately by you. Thank-you for your understanding and cooperation.

If you have any questions, please contact support. Thank-you.

Dot-net and dot-com: The domains that define the Internet

31 December 2013 18:49:44 +0000

Define your ideas on the domains that define the Internet.

With all the hype about new top-level domains (TLDs) entering the market late this year and early in 2014, it can be easy to lose sight of the fact that most people still prefer to register new domains under the dot-com and dot-net TLDs. In fact, about 83% of the domains we host are either dot-coms or dot-nets. And there’s good reason for this: they are still the most widely-recognised TLDs out there, considering they have been around since 1985. That’s almost thirty years!

While some people — mostly people advocating use of less known TLDs — talk about domain depletion in dot-com and dot-net, we register new domains for clients in these name spaces every month. The fact is, domain names based on company names and/or locations are and will continue to be available to imaginative business owners. Besides, even though you might sell widgets, widgets.com isn’t necessarily the best domain for you; it may very well be widgetsgalore.com (reflecting your full company name), or widgetsvancouver.com (reflecting your location and market). Many of our clients register more specific domains like these as they better identify who they are and the markets that their companies serve.

If you’d like help selecting and registering a new or additional domain for your business, get in touch and we’ll be happy to help you.

iCash.ca domain on auction

29 December 2013 01:18:35 +0000

We are selling the domain iCash.ca, and it is currently on auction until Thursday 2 January 2014 at 15:11 EST (20:11 UTC, 3:11 pm Eastern Standard Time). (See the World Time Server to calculate the time in your time zone.) The minimum bid to surpass the current bid, which has met the reserve price, is US$1050. Please visit the auction website, run by the domain brokerage Sedo, to place your bid.

Because the reserve price has been met, according to Sedo rules the domain will sell at the end of the auction, so if you want to buy it you need to bid on it now.

With the ubiquitous “i” prefix everywhere these days, iCash.ca could be used to promote a banking app for mobile phones — the iPhone in particular, of course.

If you have any questions, please contact NinerNet support. However, please note that all bidding and payment transactions (including escrow) must take place through Sedo on their website.

Christmas and New Year hours and wishes

24 December 2013 22:25:28 +0000

It’s the end of the year again, and a fitting time to thank you once again for the custom that you have given to NinerNet in 2013. This year was challenging in some respects, but looking at things from the positive side the challenges were the result of growth. Some of that growth continues to be the new business that you, our existing clients, continue to refer to us, and for that we are most grateful.

Looking forward to 2014 we, as always, have plans to expand and improve the services we offer to you. Some of the new services will involve “private clouds”. We have avoided the buzzword “cloud”, bucking the industry trend in recent years, but with the news that broke this year about pervasive, worldwide, government surveillance — especially through big hosting companies based in the USA — we’re getting more enquiries about setting up a cloud-type infrastructure for in-house use only, and on servers outside the US. Look for an announcement about this in 2014.

On a wider scale, 2014 will see the introduction of new top-level domains (TLDs) and stronger enforcement of the requirement to use real and working contact data for domain registrations. Early in the new year we’ll be contacting you about the latter. As for the new TLDs — a TLD is the part of your domain to the right of the last dot (e.g., .com) — early registration for some of these is underway. Their introduction has been controversial, but they may see use in certain regions and niche industries. At this time they would appeal to only a limited number of our existing clients, but we’ll be providing information about them early in the New Year too (although we can immediately register in some of them). Some examples of new TLDs include .bike (e.g., example.bike), .clothing, .construction, .contractors, .diamonds, .enterprises, .guru, .holdings, .singles … and so on. Eventually there will be a .africa too. Please be aware, though, that there are already scams involving fake registrations in these new TLDs, so if you get spam about these please keep that in mind and ask us if you need guidance.

Finally, our offices will be closed over the Christmas break for routine business, but support continues to be monitored 24 hours a day, seven days a week. We will re-open on Monday, 6 January.

We wish you and your family, business, organisation, employees and/or colleagues who celebrate it a very happy Christmas, and all the best for the New Year.

Massive outage at massive hosting company

3 August 2013 13:05:11 +0000

Hardly a week goes by that there isn’t a notable outage of one sort or another in the IT business. But some — like the one experienced by Endurance International Group yesterday — are more notable than others.

Endurance International Group is one of the world’s largest hosting companies, and specifically the parent company of the “stack ‘em deep and sell ‘em cheap” hosting brands Bluehost, Hostmonster, Hostgator and Just Host (as well as a plethora of others), with only one of them honest enough to put an asterisk beside their “unlimited” claims on their home page explaining how “unlimited” in their dictionary doesn’t mean what it probably means in your dictionary.

Anyway, now is not the time to kick a competitor when they’re down over minor issues like what they say and what they mean. But it is interesting to note that a massive operation claiming to host millions of domains and/or websites apparently had no system in place for communicating with customers during such an outage. We’re not immune to the occasional technical glitch and communication fumble ourselves, but Endurance actually needed to go out and register a new domain and hastily set up a blog to keep their customers updated.

Kudos to them for doing what was needed when it was needed, but one does wonder if they’ll be maintaining this website for future issues.

Deletion of domains by Zamnet continues

14 June 2013 14:32:22 +0000

Not satisfied with having deleted 37 per cent of domains earlier this week, it appears that Zamnet continue to delete even more domains! Today we find out that domains that were still working on Tuesday have now been deleted, causing more clients to scramble because their email and websites have suddenly stopped working. This brings the percentage of domains deleted without warning due to Zamnet’s incompetence to 42 per cent … almost half! When will this stop?!

We encourage clients affected by these arbitrary and unannounced interruptions to their business to file a complaint with the Zambia Information and Communication Technology Authority. (UPDATE, 2013-06-28: The complaint form disappeared shortly after we posted this. Try their “Complaint Handling” page instead.)


General Information:

This is the corporate blog of NinerNet Communications. It's where we post announcements, inform and educate our clients, and discuss issues related to the Internet (web and email) hosting business and all that that entails. This includes such concomitant industries and activities as domain registration, SSL certificates, online back-up, virtual private servers (VPS), cloud hosting, etc. Please visit our main website for more information about us.
