Digibase Operations
Donate by paypal:

≫ Home

Welcome to Digibase Operations, we are a non-profit research and development organization of security and advanced computer systems. We are an organization devoted to helping the public good. We operate solely from donations.


Ongoing incident at Savvis/CenturyLink

Posted: Tue, 22 Apr 2014 21:33:34 -0500 in Observations
by Kradorex Xeron
Today, beginning just after 07:30 EDT this morning and continuing through to the time of writing, there has been a fairly major impact to Internet operations with an incident occurring on the network of Savvis/CenturyLink, which is an Internet backbone -- a company responsible for providing transit between other networks. The following is the current scoreboard at the status display at the Internet Health Report:

(Click to Enlarge)

And the report from 19:00:

(Click to Enlarge)

The issue is impacting various websites including access by some to Slashdot.org and from reports seems to be due to a resource allocation issue on their network core routers that has just today been bumped up against.

To see if website or service accessibility issues you may encounter are the result of this incident, bring up a command line of your operating system and enter "traceroute domain.tld" (Unix/Linux, may require sudo/su) or "tracert domain.tld" (Windows cmd) replacing "domain.tld" with the domain name of the service without anything like http:// prefixing it. If the results provide "savvis.net" entries, then likely the issue you are experiencing is indeed this issue.

Savvis/CenturyLink has not provided any ETA to resolution, but has supplied this statement:

DATE OF EVENT: Tuesday, April 22, 2014
MASTER CASE: 4579123

UPDATE: In effort to resolve an ongoing incident, CenturyLink will be
reloading several internet facing backbone devices within our network.
This emergency maintenance will potentially result in an intermittent loss
of connectivity and/or latency for up to 15 minutes.  Clients with
non-redundant ATS MPLS and EVPL connectivity could experience additional
impact during this maintenance.  This activity is required to address a
resource constraint on several peering and hosting routers within the
CenturyLink backbone network.  CenturyLink will notify all impacted clients
via email at the beginning and after the completion of the maintenance
activity.  We apologize for the inconvenience.

CRC Management
North America - 888 638 6771
EMEA - 00800 7288 4743
Asia-Pacific - +65 63058099

(Link to Article)

Statement on OpenSSL "Heartbleed" vulnerability

Posted: Tue, 15 Apr 2014 18:41:13 -0500 in Operational
by Kradorex Xeron
In response to the OpenSSL version 1.0.1 though 1.0.1f "Heartbleed" vulnerability which is covered by our two advisories DBSA-2014-0007 and DBSA-2014-0008 that is patched by OpenSSL 1.0.1g, this is our statement on the impact to our computer network:

As you likely know through media reports, there currently is a vulnerability in play called "Heartbleed" which effects many websites and services that deploy encryption through the SSL and TLS (Secure Sockets Layer/Transport Layer Security) suites. This vulnerability is due to a "Heartbeat" mechanism that ensures secured connections are kept open when idle that lacked a specific check.

Our computer network does not implement the OpenSSL 1.0.1 series libraries nor do our user SSL services offer the heartbeat mechanism that is vulnerable to this exploit therefore our systems are unequivocally unaffected by the Heartbleed vulnerability. We are continuing to monitor the issue and offer support to those who are effected but again our systems are not effected and thus users may utilize their discretion for password and other credential changes.
(Link to Article)

Ongoing incident at BurstNET/DigiPLUS

Posted: Wed, 02 Apr 2014 17:17:30 -0500 in Observations
by Kradorex Xeron
There has been an apparent business decision at BurstNET to strategically relocate their main facility then to have their customer contracts and equipment purchased by another brand. This relocation appears to be a possible attempt to remove themselves from their current business liabilities.

Starting 20 March, BurstNET begun a relocation operation with less than 10 days notice to most of their clients, this saw many of their customers without notice and resulted in customer data and services becoming inaccessible and without accountability of who in total had custody of customer servers and thereby data. Equipment was reported by former clients to be removed from the old facility rapidly and in a disorderly manner.

This lack of open accountability has had the effect of causing many customers severe reputation loss. BurstNET has not responded correctly to most customer tickets and has subsequently sold their assets to a company created on 12 March, DigiPLUS. Custody of co-location servers (e.g. equipment not owned by BurstNET/DigiPLUS but rather their customers) have not been to date been fully accounted for to our knowledge.

It is strongly advised to avoid BurstNET and/or DigiPLUS due to stability and security concerns as there is no guarantee of availability nor security of sensitive and/or confidential data. If you are an existing customer it is advised as soon as you get access to your data to immediately perform a backup (if you are a VPS or dedicated server customer) or repossess (Co-location) your equipment and seek alternate arrangements.

We are releasing this notice as a part of our commitment to the Internet community as this incident has had security implications.


About BurstNET:
BurstNET was a datacenter operator, where they hosted virtual private servers (VPSes) dedicated servers and offered physical rack space for colocation customers at their facilities. The two facilities in question are:

1205 O'Neil Highway, Dunmore, Pennsylvania  (Confirmed, old facility)
422 Prescott Ave, Scranton, Pennsylvania (Unconfirmed, new facility)
(Link to Article)

Operational Status Bulletins

Security Advisories