Digibase Operations

Welcome to Digibase Operations, we are a non-profit research and development organization of security and advanced computer systems. We are an organization devoted to helping the public good. We operate solely from donations.

Highlights

Statement on OpenSSL "Heartbleed" vulnerability

Posted: Tue, 15 Apr 2014 18:41:13 -0500 in Operational
by Kradorex Xeron
In response to the "Heartbleed" vulnerability in OpenSSL versions 1.0.1 through 1.0.1f, which is covered by our two advisories DBSA-2014-0007 and DBSA-2014-0008 and is patched by OpenSSL 1.0.1g, this is our statement on the impact to our computer network:

As you likely know through media reports, there currently is a vulnerability in play called "Heartbleed" which affects many websites and services that deploy encryption through the SSL and TLS (Secure Sockets Layer/Transport Layer Security) suites. This vulnerability is due to the "Heartbeat" mechanism, which ensures secured connections are kept open when idle and which lacked a specific check.

Our computer network does not implement the OpenSSL 1.0.1 series libraries, nor do our user SSL services offer the heartbeat mechanism that is vulnerable to this exploit; therefore our systems are unequivocally unaffected by the Heartbleed vulnerability. We are continuing to monitor the issue and offer support to those who are affected, but again our systems are not affected and thus users may utilize their discretion for password and other credential changes.

Ongoing incident at BurstNET/DigiPLUS

Posted: Wed, 02 Apr 2014 17:17:30 -0500 in Observations
by Kradorex Xeron
There has been an apparent business decision at BurstNET to strategically relocate their main facility then to have their customer contracts and equipment purchased by another brand. This relocation appears to be a possible attempt to remove themselves from their current business liabilities.

Starting 20 March, BurstNET began a relocation operation with less than 10 days' notice to most of their clients. This saw many of their customers without notice and resulted in customer data and services becoming inaccessible, without accountability of who in total had custody of customer servers and thereby data. Equipment was reported by former clients to be removed from the old facility rapidly and in a disorderly manner.

This lack of open accountability has had the effect of causing many customers severe reputation loss. BurstNET has not responded correctly to most customer tickets and has subsequently sold their assets to a company created on 12 March, DigiPLUS. Custody of co-location servers (i.e. equipment not owned by BurstNET/DigiPLUS but rather by their customers) has not to date been fully accounted for, to our knowledge.

It is strongly advised to avoid BurstNET and/or DigiPLUS due to stability and security concerns, as there is no guarantee of availability nor security of sensitive and/or confidential data. If you are an existing customer, it is advised that as soon as you get access to your data you immediately perform a backup (if you are a VPS or dedicated server customer) or repossess your equipment (if you are a co-location customer) and seek alternate arrangements.

We are releasing this notice as a part of our commitment to the Internet community as this incident has had security implications.

Sources:


About BurstNET:
BurstNET was a datacenter operator that hosted virtual private servers (VPSes) and dedicated servers and offered physical rack space for colocation customers at their facilities. The two facilities in question are:

1205 O'Neil Highway, Dunmore, Pennsylvania  (Confirmed, old facility)
422 Prescott Ave, Scranton, Pennsylvania (Unconfirmed, new facility)

Internet Trust -- The Day We Fight Back

Posted: Tue, 11 Feb 2014 05:38:44 -0500 in Security
by Kradorex Xeron
In today's day and age, Internet security has become increasingly difficult and must be met not only with technological measures but with sociological elements as well, to keep that security at the ongoing forefront of all media in the most accurate ways possible.

Ongoing political exposures about various agencies throughout the world have created a chilling effect, where people no longer feel secure and trustful in their communications with friends, family, coworkers and associates. These chilling effects critically damage the nature of trust on the Internet: the trust the Internet was founded on, where network operators trust each other to provide correct routing information; where users, businesses and browser vendors trust Certificate Authorities to provide accurate information to ensure users are in fact communicating with the legitimate site; and where users provide information across messaging and email services, trusting that the service won't be prying into their often very personal affairs. Now we have organizations being pressured to breach the trust of their users and clients.

These foundations of trust have been shaken and need re-solidification, now more than ever, so that the trust can be rebuilt and people can communicate with confidence that they won't be shaken down because they used a "bad word", spoke about the wrong subject, or shared the allegedly "wrong content" with others.

The Internet is a collaborative effort and through that collaboration the collective Internet must stand up for its values of trust regardless of language, regardless of political alignment, regardless of religion, creed, belief or anything of that sort.

We therefore wish to extend our support to the efforts of groups like The Day We Fight Back, and are joining in solidarity with them and the greater Internet community to protect those foundations that were worked so hard for to get this far, to create such an impressively large network of collaboration -- perhaps humanity's greatest achievement of cooperation.


Operational Status Bulletins

Security Advisories