Veiligheidswaarschuwing: “Ghost” lek in Linux distributies

Beste klanten,

Recent werd er een lek gevonden in bijna alle Linux distributies via de “Name Service Switch (nss) library”. Deze bug staat mensen toe om toegang te krijgen tot deze systemen en hierop code uit te voeren.

U kan onderaan dit bericht verdere informatie terugvinden, alsook de uitleg hoe u dit lek kan sluiten. Edpnet heeft haar systemen reeds geüpdatet, we raden onze klanten aan om hetzelfde te doen.

A heap-based buffer overflow was found in glibc’s __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

Bron en info: http://ma.ttias.be

Met vriendelijke groeten, Het edpnet team


Security bulletin: “Ghost” vulnerability on Linux devices

Dear customers,

Recently a critical security bug has been found with the Name Service Switch (nss) library in almost all Linux distributions. This bug can allow attackers to gain access to affected systems remotely by possibility to remotely execute arbitrary machine code without permissions.

Information on this bug and how it can be resolved can be found below. Edpnet has already patched this vulnerability on all of its servers, and we strongly advice our customers to do the same.

A heap-based buffer overflow was found in glibc’s __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

Source and info: http://ma.ttias.be

Best regards,The edpnet team

*All times are listed in CET, Central European Time


Info: Phishing report

Dear customers,Some customers have received the phishing e-mail below.
We would like to inform you that this message can be disregarded and is not coming from edpnet.

What is Phishing? Phishing emails are fraudulent messages made to look like they were sent by reputable companies in an attempt to gather your personal and financial details.

Example:


From: INFO SERVICE TELENET [mailto:<removed>]
Sent: woensdag 3 december 2014 16:30
Subject: *Chers (es) clients (es) de EDPNET,*
*Chers (es) clients (es) de EDPNET,*
Le service technique chargé de la maintenance des comptes de messagerie a détecté des accès illégaux à votre messagerie à travers différentes adresses IP. Au risque que votre compte ne soit suspendu dans les prochains jours, notre service de maintenance vous demande de confirmer vos accès de connexion. Au cas où les informations ne seront pas fournies, votre accès à la messagerie serait suspendu définitivement. Pour des raisons de sécurité, veuillez fournir l’intégralité des informations demandées.
Complétez les informations suivantes pour la confirmation à votre accès

* Nom d’utilisateur:………………………………….
* Mot de passe:………………………………………. 
* Adresse e-mail :…………………………………… 
* Mot de passe :………………………………………
* E-mail secondaire :………………………………… 
* Mot de passe :………………………………………. 
* Date de naissance:………………………………… 
* Pays ou territoire:…………………………………..
* Profession:………………………………………………
* Tel:…………………………………………………………
Dès la réception de ces informations, votre messagerie serait suivie contre les accès illégaux. Merci de votre collaboration. 

Webmail EDPNET*

*Cordialement,*

*L’équipe EDPNET*

Info: Possible Power Shortage

Edpnet would like to inform you of the availability of our services during the possible powercuts.

Our government and the media already communicated about the possible power shortage in the next coming months. It is possible that rotational electrical power cuts will be executed in order to avoid a general power outage at any time.
These power cuts will be executed in phases, per areas, presumably during peak hours (between 17h and 20h).

Meanwhile, the government launched the campaign “Off/On” with the aim to provide as much useful information as possible and to answer the many questions you are facing: www.offon.be

You can visit following pages as well:
http://economie.fgov.be/nl/elektriciteitsschaarste
http://economie.fgov.be/fr/penurie_electricite

Will there be a power cut for my area?

The edpnet colocation is not included in a region for a possible power cut. Moreover our colocation is equipped with a UPS system and a backup power supply.  Edpnet will still be reachable by phone as well.

You can check whether your street is included or not on following sites:
http://economie.fgov.be/nl/elektriciteitsschaarste/afschakelplan/kaarten
http://economie.fgov.be/fr/penurie_electricite/plan-delestage/cartes
You can also register on http://be-alert.be (address, two phone numbers, two e-mail addresses) and you will be notified 24 hours in advance via text message and email if there will be a power cut. This is a service offered by the federal government.

Will everything still work?

First and foremost, if the power is interrupted locally and you do not have a back-up power supply, your edpnet services are interrupted immediately. Your modem/router will go offline.

Devices with batteries, e.g. mobile phones or portable phones will function until the battery is empty. Provided that the underlying service remains operational.
An overview:

Internet

  • ADSL/VDSL
    • Edpnet Site: No interruption
    • Supplier Site: Possible interruption for DSL lines connected to street cabinets without a back-up power system
  • SDSL/Fiber/EFM/MPLS/DWDM
    • Edpnet Site: No interruption
    • Supplier Site: No interruption

Telephony

  • edpnet Telephony (VOIP/SIP trunk/VPBX)
    • Edpnet Site: No interruption
    • Supplier Site: No interruption
  • edpnet mobile
    • Edpnet Site: No interruption
    • Supplier Site: No interruption for 2h (estimated antenna battery life)
      Please text instead of calling

Hosting

  • Webhosting/e-mail/Virtual-Dedicated
    • Edpnet Site: No interruption
  • Colocation
    • Edpnet Site: No interruption
    • Supplier Site: No interruption

Other Services

  • IP Transit
    • Edpnet Site: No interruption
    • Supplier Site: No interruption
  • Online Backup
    • Edpnet Site: No interruption
    • Supplier Site: No interruption

Will my internet connection still work?

Both edpnet’s and its supplier network infrastructure will remain operational for 4 hours for DSL lines. However, lines (typically VDSL lines) connected to street cabinets (these units are not equipped with a back-up power supply) will go offline.  But at the same time, your local power supply will be interrupted and your modem / router will go offline.

If you have a back-up power supply yourself, you will not go offline unless the street cabinet to which your DSL line is connected does not have its own back-up power supply.

Will my edpnet telephony subscription (internet telephony) still work?

As long as your appliances have power and your internet connection is online, your telephony service will work.

Will my edpnet mobile subscription (mobile phones) still work?

The antennas in your area are equipped with batteries which are able to cope with a two-hour power cut. We strongly advise you to use text messages instead of calling. Do not forget that data drains your battery very quickly. Charge your mobile phone in time if you know that there will be a power cut.

An important tip

Once power has returned, please do not restart all your appliances at once in order to avoid new disruptions on the mains network. We recommend you to switch off all your appliances and to pull the plug(s) if you are informed that the power will be cut. This minimizes the risk that they might be damaged when the power to your home is actually shut down.

Edpnet can cope with normal power restrictions and power failures when it comes to keeping its network equipment operational. The accuracy and completeness of the measures taken cannot be guaranteed in the exceptional situation of a national power outage plan and the related general local power cut-offs. Both the power outage plan as the activation process are government decisions. As stated in our General Terms and Conditions, edpnet is not liable for the unavailability of any edpnet service due to circumstances beyond edpnet’s control. Therefore edpnet cannot be held liable for any consequences or damages resulting from this outage.


26 November – Short connectivity issue

Dear customers,

Because of a change on our core infrastructure, customers without a fixed IP may have had issues with their connection. Rebooting the modem solved the issue. Professional customers with a fixed IP did not have any impact.

We apologize for the inconvenience

The edpnet team

*All times are listed in CET, Central European Time


24 November – EFM + Fiber outage information

Dear customers,

We had an outage on all the EFM and Fiber connections this morning. The cause was a defective connector card on the Proximus Backbone. The card was replaced at 7.25AM.

Description: 
Start: 2014-11-24 02:15 AM*
End: 2014-11-24 07:25 AM*
Duration: 05h 10m
Impacted services:  All services for our Fiber and EFM customers.

These customers have been informed by email.

Update: There was also an unannounced maintenance in Brussels last night. We had 2 interruptions between 2AM and 6AM

Start: 2014-11-24 02:00 AM*
End: 2014-11-24 06:00 AM*
Duration:
Impacted services:  All customers in the Brussels area.

We apologize for the inconvenience

The edpnet team

*All times are listed in CET, Central European Time


18 November – Proximus maintenance near Charleroi

UPDATE: Maintenance done.

Dear customers,

Proximus has planned a maintenance in one of their data centers. There may be a short disconnect of 15 minutes during the below mentioned timeframe.

Description: Preventative maintenance at Proximus
Start: 2014-11-24 02:00 AM*
End: 2014-11-24 06:00 AM*
Duration: 15 minutes
Impacted services: All edpnet services in the following telephone zones: 010, 060, 064, 065, 067, 068, 069, 071.

We apologize for the inconvenience

The edpnet team

*All times are listed in CET, Central European Time


13 November – Speed issues in Antwerp, Limburg and Flemish Brabant

Update: Services are restored, there was a cabling issue in the collocation center.

Dear customers,

One of the access lines between the Proximus network and our network is currently down. As a result of this outage, all traffic is automatically rerouted.
Customers in the regions Antwerp, Limburg, and parts of Flemish Brabant may encounter slower internet speeds (packet loss and a higher latency) during this rerouting.

A Proximus technician will go onsite to resolve the issue.

Description: 
Start: 2014-11-13 09:04 AM*
End: 2014-11-13 11:19 AM*
Impacted services: Internet services in the above mentioned regions.

We apologize for the inconvenience

The edpnet team

*All times are listed in CET, Central European Time


10 November – Vandalism in Proximus buildings

Dear customers,

Due to suspected vandalism on the Proximus network, 2 LEX’s have been disconnected. Multiple copper and fiber cables were cut, causing a large impact on ADSL and VDSL customers.

Update: According to Proximus, the last connections should be up by tomorrow evening.
The affected customers are in zones 071, Gosselies and Montigny-le-Tilleul.

More info: standaard.be (Dutch Article)

Description: Cables cut in LEX’s Wallonia
Start: 2014-11-08
Expected End: 2014-11-11 PM
Duration: /
Impacted services: All edpnet services for the affected customers

We apologize for the inconvenience

The edpnet team

*All times are listed in CET, Central European Time


3 November – Proximus Maintenance – Liège

Dear customers,Proximus has scheduled a maintenance on its core infrastructure. Edpnet customers may experience disconnections during the maintenance. Please find details below.

Description: Maintenance Liège
Start: 2014-11-10 02:00 AM*
End: 2014-11-10 06:00 AM*
Duration: 15 minutes
Impacted services: All edpnet services in the following telephone areas: 019, 041, 061, 063, 080, 081, 082, 083, 084, 085, 086, 087.

We apologize for the inconvenience

The edpnet team

*All times are listed in CET, Central European Time