News

RSS Feed
News
Jul
9
Security Advisory: OpenSSL Vulnerability
Posted by Kevin Stange on 09 July 2015 02:07 PM

A vulnerability has recently been disclosed in the OpenSSL library, affecting versions 1.0.1n and 1.0.2b and later.  This vulnerability could allow a malicious user to trick software into believing a certificate is trusted when it should not be. It has been assigned the ID CVE-2015-1793 in the Common Vulnerabilities and Exposures database.  This issue primarily affects client applications (such as web browsers and email clients) and services that validate client certificate chains (such as certificate-based VPN services, email encryption systems, and web sites that use a certificate to log you in), so most common server configurations are likely not affected.

We have evaluated supported operating systems and confirmed that CentOS 5, 6 and 7, and Debian Squeeze (6), Wheezy (7), and Jessie (8) are not impacted because they do not provide a version of OpenSSL that includes the affected feature.  Windows does not include OpenSSL software by default.

If you are running LiteSpeed web server versions 4.2.23, 5.0 or 5.0.1, you are affected.  You can see what version you are using by running the command:

/usr/local/lsws/bin/lshttpd -v

If you have one of the affected versions, we recommend that you upgrade.  If you are running 4.2.23 or older, please upgrade to 4.2.24 using the following command:

/usr/local/lsws/admin/misc/lsup.sh -v 4.2.24

If you are running version 5.0 or 5.0.1, please upgrade to 5.0.2 instead using this command:

/usr/local/lsws/admin/misc/lsup.sh -v 5.0.2

Please note that we do not recommend upgrading from the 4.2 series to the 5.0 series at this time.

For more information, please see the following references:

If you are running any other applications which provide their own copy of OpenSSL, we recommend that you check with the application vendor to see if you need to apply a security patch.

If you have any questions or need assistance, please contact us and we'll be happy to help.


Read more »



May
13
Emergency Maintenance: Various Internal Systems
Posted by Kevin Stange on 13 May 2015 05:48 PM

We will be performing maintenance to address security concerns related to a recent security disclosure by rebooting servers hosting various customer-facing and internal infrastructure systems to patch the vulnerability.

Date: Thursday, May 14th, 2015
Start Time: 12:00 AM CDT (GMT -5)
End Time: 2:00 AM CDT (GMT -5)
Maintenance Scope: Help Desk, Management Portal, Internal VPN, Phone System

Customer Impact:

No customer services or systems will be impacted. Access to phone support, IPMI and Internal Network VPN, help desk tickets, knowledge base articles, billing, bandwidth graphs, remote reboot control and account management will be unavailable at points during the maintenance period. We do not expect this work to require the entire maintenance period.

If you have any questions, please visit our help deskemail us, or call us at 1-888-281-9449 or 1-312-602-2689.  There will be no point at which both the help desk and phone systems are offline simultaneously.


Read more »



May
1
Network Maintenance: Equinix Fiber Path Maintenance
Posted by Kevin Stange on 01 May 2015 02:41 PM

We have scheduled maintenance on links between Equinix CH1 and our Chicago core network to improve link quality.

Date: Sunday, May 10th, 2015
Start Time: 12:00 AM CDT (GMT -5)
End Time: 2:00 AM CDT (GMT -5)
Maintenance Scope: Fiber path between Equinix CH1 (chi00) and Chicago core network (chi02)

Customer Impact:

We will be performing a hot cut to reduce the distance and complexity of a fiber path that connects our core network to service providers located in Equinix CH1.  This will affect multiple carrier circuits, and therefore will affect all customers using the Chicago network (chi01, chi02, chi18).  This work also affects specific customers with DWDM wavelengths to Equinix from Chicago facilities.  If you have one of these services, you will be notified directly as well.  It does not affect customers with dedicated fiber or layer 2 transport services from Equinix.

To minimize impact, all carrier sessions that will be affected will be gracefully turned down at the start of maintenance.  Once bandwidth has transferred to other providers, we will disconnect the fiber and cut it over to the new path.  Once all links are verified and stable, we will enable the carrier sessions again and bandwidth will return to its normal patterns.  While carriers are disabled, periods of suboptimal routing may occur.

While the work itself is expected to be completed quickly, we are reserving extra time in case of problems. This will give us the ability to resolve issues without having to extend the maintenance window.

If you need assistance during the maintenance, or if you have any questions about this planned work, please contact us via our helpdesk or by calling (312) 602-2689 or (888) 281-9449.


Read more »



May
1
R1Soft Server Backup Upgrade
Posted by Kevin Stange on 01 May 2015 12:10 PM

We have scheduled an upgrade of our R1Soft Server Backup (formerly Idera Server Backup or R1Soft CDP) platform software on cdp01.steadfast.net to version 5.10.0.  This update will fix minor bugs and provide enhancements to ext4 filesystem support.

This upgrade is being performed during the daytime, mid-week, because it is the lowest utilization period.

Date: Wednesday, May 13th, 2015
Start Time: 2:00 PM CST (GMT -6)
End Time: 3:00 PM CST (GMT -6)
Maintenance Scope: cdp01.steadfast.net Backup Server

Customer Impact:

Backups will not be performed and restoration services will be unavailable during the maintenance period. This maintenance will not impact customer equipment or services other than backup tasks.

If you are not already running agent version 5.10.0 or newer, it is strongly recommended.  It is safe to upgrade the agent to version 5.10.0 before the manager has been upgraded.

The full release notes may be viewed here.

If you have any questions regarding this maintenance, or for assistance in upgrading the agent on your server(s), please feel free to contact us via our helpdesk or by email.


Read more »



Apr
6
Network Maintenance: Shared Load Balancer & Firewall Upgrade
Posted by Kevin Stange on 06 April 2015 03:40 PM

We have scheduled a software upgrade of our shared load balancer and firewall platform in Chicago, IL.  This upgrade will fix known issues with certain load balancing configurations.

Date: Sunday, April 12th, 2015
Start Time: 12:00 AM CDT (GMT -5)
End Time: 3:00 AM CDT (GMT -5)
Maintenance Scope: Shared Load Balancer and Firewall in Chicago, IL

Customer Impact:

We will be performing a routine software upgrade procedure.  The units are in a redundant pair.  No interruption in service is expected, however a single point of failure will exist while one unit is under maintenance, and a subsequent failure could cause an brief outage.

To complete the maintenance, one unit will be placed into standby, upgraded, rebooted, and then returned to operation.  Once the first upgrade completes, the other unit will be upgraded using the same procedure.  Only customers using shared load balancing or firewall services will be affected.  Customers with dedicated firewall or load balancing equipment will not be impacted.

While the work itself is expected to be completed quickly, we are reserving extra time in case of problems. This will give us the ability to resolve issues without having to extend the maintenance window.

If you need assistance during the maintenance, or if you have any questions about this planned work, please contact us via our helpdesk or by calling (312) 602-2689 or (888) 281-9449.


Read more »



Mar
5
Management Portal and Help Desk Database Upgrade
Posted by Kevin Stange on 05 March 2015 06:35 PM

We have scheduled an upgrade of the database infrastructure that services our Help Desk (support.steadfast.net) and Management Portal (manage.steadfast.net).  This upgrade will improve application performance and reliability.

Date: Sunday, March 15th, 2015
Start Time: 12:00 AM CDT (GMT -5)
End Time: 2:00 AM CDT (GMT -5)
Maintenance Scope: Help Desk (support.steadfast.net) and Management Portal (manage.steadfast.net)

Customer Impact:

No customer services or systems will be impacted. Access to help desk tickets, knowledge base articles, billing, bandwidth graphs, remote reboot control and account management will be unavailable at points during the maintenance period. We do not expect this upgrade to require the entire maintenance period.

If you have any questions, please visit our help desk or email us.  For immediate assistance during the upgrade, please call us at 1-888-281-9449 or 1-312-602-2689.


Read more »