Category: Technology

This week we have seen another example of why you can’t be too paranoid about Internet security.

Code Spaces, a company that specializes in svn hosting (hosting your source code so your team can access it) announced that their servers were hacked big time. Apparently, the perpetrator began with a Denial of Service Attack then gained access to Code Spaces’ Amazon EC2 account. He or she then contacted Code Spaces via email in an attempt to extort a large fee to stop the attack. When the folks at Code Spaces attempted to take back control of their Amazon EC2 account, the hacker deleted all of their data including backups and off-site backups. Unable to recover, Code Spaces has made the decision to shutdown completely. The cost of the attack is just too great to continue.

As you may be aware, the “Heartbleed” bug in OpenSSL has made the rounds across the internet. As soon as it was disclosed this week we began an investigation to see where we were impacted. Xojo.com services were updated and our SSL certificate was quickly reissued. Xojo Cloud servers were also rapidly updated. This does mean that (like many sites) we were potentially vulnerable for a time until the patch was released.

This week, a major vulnerability, referred to as “Heartbleed” was discovered in OpenSSL. Bruce Schneier, who blogs about Internet security, called it, “catastrophic” and “on the scale of 1 to 10, this is an 11.” Heartbleed has left just about anyone with a server scrambling to find out if their version of OpenSSL is affected or not and then taking measures to update OpenSSL and make sure everything is working again.