<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Chào cả nhà, <br>
<br>
Thêm tý thông tin cho vụ hot này ("it's really Bad"). <br>
<br>
--<a name="vps">
<p style="font-family:Arial, Helvetica, sans-serif;
font-size:15px; color:#333333; margin:0 0 20px; padding:0;
line-height:22px; text-align:justify">It's <i>really</i> bad.
Web servers can keep a lot of information in their active
memory, including user names, passwords, and even the content
that user have uploaded to a service. But worse even than that,
the flaw has made it possible for hackers to steal encryption
keys, the codes used to turn gibberish encrypted data into
readable information.</p>
<p style="font-family:Arial, Helvetica, sans-serif;
font-size:15px; color:#333333; margin:0 0 15px; padding:0;
line-height:22px;">With encryption keys, hackers can intercept
encrypted data moving to and from a site's servers and read it
without establishing a secure connection. This means that unless
the companies running vulnerable servers change their keys, even
future traffic will be susceptible.</p>
</a>-- <br>
<br>
<h2 style="font-family:Arial, Helvetica, sans-serif; font-size:24px;
text-align:center; font-weight:bold; color:#30b2e6; margin:15px 0
0 0; padding:0; line-height:22px; text-align:center">Important –
Impact of the Heartbleed bug on your ResellerClub Account </h2>
<br>
<p style="font-family:Arial, Helvetica, sans-serif; font-size:15px;
color:#333333; margin:0 0 20px; padding:0; line-height:22px;
text-align:justify">
It's been a while since there was a computer security bug that we
all had to worry about. Unfortunately, it seems like we may all
have been facing one for two years and not even realized it.</p>
<p style="font-family:Arial, Helvetica, sans-serif; font-size:15px;
color:#333333; margin:0 0 20px; padding:0; line-height:22px;
text-align:justify">Earlier this week, security researchers
announced a security flaw in OpenSSL, a popular data encryption
standard, that gives hackers who know about it the ability to
extract massive amount of data from the services that we use every
day and assume are mostly secure.</p>
<p style="font-family:Arial, Helvetica, sans-serif; font-size:15px;
color:#333333; margin:0 0 20px; padding:0; line-height:22px;
text-align:justify">This isn't simply a bug in some app that can
quickly be updated - the vulnerability is in on the machines that
power services that transmit secure information, like Facebook and
Gmail. Read on to know more about how this affects you as a
ResellerClub Reseller.</p>
<p style="font-family:Arial, Helvetica, sans-serif; font-size:15px;
color:#333333; margin:0 0 20px; padding:0; line-height:22px;
text-align:justify">In this mail you will find information on: </p>
<ul style="padding: 0px 25px; font-family:
Arial,Helvetica,sans-serif; font-style: normal; font-variant:
normal; font-weight: normal; font-size: 12px; font-size-adjust:
none; font-stretch: normal; line-height: 20px; margin-bottom:
10px;">
<li style="font-family:Arial, Helvetica, sans-serif;
font-size:14px; color:#434343; margin:5px 0 0 0; padding:0;
line-height:22px;"><a style="color:#30b2e6;
text-decoration:none;"
href="mailbox:///Mail-2011/Inbox?number=181125869#oursteps"
text="" decoration="none">Steps that we are taking </a></li>
<li style="font-family:Arial, Helvetica, sans-serif;
font-size:14px; color:#434343; margin:5px 0 0 0; padding:0;
line-height:22px;"><a style="color:#30b2e6;
text-decoration:none;"
href="mailbox:///Mail-2011/Inbox?number=181125869#ursteps"
text="" decoration="none">Steps that you have to take</a>
</li>
<li style="font-family:Arial, Helvetica, sans-serif;
font-size:14px; color:#434343; margin:5px 0 0 0; padding:0;
line-height:22px;"><a style="color:#30b2e6;
text-decoration:none;"
href="mailbox:///Mail-2011/Inbox?number=181125869#hrtbld"
text="" decoration="none">Know more about the Heartbleed bug</a>
</li>
</ul>
<p style="font-family:Arial, Helvetica, sans-serif; font-size:15px;
color:#333333; margin:0 0 20px; padding:0; line-height:22px;
text-align:justify"><a name="oursteps"><b><u>Steps that we are
taking</u>:</b></a></p>
<a name="oursteps">
<ul style="padding: 0px 25px; font-family:
Arial,Helvetica,sans-serif; font-style: normal; font-variant:
normal; font-weight: normal; font-size: 12px; font-size-adjust:
none; font-stretch: normal; line-height: 20px; margin-bottom:
10px;">
<li style="font-family:Arial, Helvetica, sans-serif;
font-size:14px; color:#434343; margin:5px 0 0 0; padding:0;
line-height:22px;">We have updated the OpenSSL packages
installed on all our shared hosting servers</li>
<li style="font-family:Arial, Helvetica, sans-serif;
font-size:14px; color:#434343; margin:5px 0 0 0; padding:0;
line-height:22px;">At 05:30 hrs (GMT) on 11 Apr, 2014 Orderbox
will force-terminate all active logged in sessions to prevent
abuse by any hackers who may have exploited this bug.
</li>
<li style="font-family:Arial, Helvetica, sans-serif;
font-size:14px; color:#434343; margin:5px 0 0 0; padding:0;
line-height:22px;">At this time, Orderbox may experience a
disturbance of upto 5 minutes and no orders on Supersite or
API will be processed. You will be required you to login again
to your Control Panel to continue managing your account</li>
</ul>
</a> <br>
<p style="font-family:Arial, Helvetica, sans-serif; font-size:15px;
color:#333333; margin:0 0 20px; padding:0; line-height:22px;
text-align:justify"><b><u><a name="ursteps">Steps that you have to
take</a></u></b><a name="ursteps">:</a></p>
<a name="ursteps"> </a>
<ol style="padding: 0px 25px; font-family:
Arial,Helvetica,sans-serif; font-style: normal; font-variant:
normal; font-weight: normal; font-size: 12px; font-size-adjust:
none; font-stretch: normal; line-height: 20px; margin-bottom:
10px;">
<a name="ursteps">
<li style="font-family:Arial, Helvetica, sans-serif;
font-size:14px; color:#434343; margin:5px 0 0 0; padding:0;
line-height:22px;">The Heartbleed bug makes it practically
impossible to detect history of abuse, but to be on the safer
side, we strongly recommend that you change your Reseller
Account passwords and also announce to your customers that
they should change their passwords.</li>
<li style="font-family:Arial, Helvetica, sans-serif;
font-size:14px; color:#434343; margin:5px 0 0 0; padding:0;
line-height:22px;">Hosting and/or SSL Certificate customers
with Resellerclub:
</li>
<ul style="padding: 0px 25px; font-family:
Arial,Helvetica,sans-serif; font-style: normal; font-variant:
normal; font-weight: normal; font-size: 12px;
font-size-adjust: none; font-stretch: normal; line-height:
20px; margin-bottom: 10px;">
<li style="font-family:Arial, Helvetica, sans-serif;
font-size:14px; color:#434343; margin:5px 0 0 0; padding:0;
line-height:22px;">If you have purchased both hosting and
SSL Certificates for an installation from ResellerClub,
follow <b>steps a and c</b> below</li>
<li style="font-family:Arial, Helvetica, sans-serif;
font-size:14px; color:#434343; margin:5px 0 0 0; padding:0;
line-height:22px;">If you have purchased hosting from
ResellerClub and have SSL enabled on it with an SSL
Certificate from a 3rd party vendor for your installation,
follow <b>steps b and c</b> below</li>
<li style="font-family:Arial, Helvetica, sans-serif;
font-size:14px; color:#434343; margin:5px 0 0 0; padding:0;
line-height:22px;">If you have purchased SSL Certificated
from ResellerClub but host with a 3rd party provider, follow
<b>step a</b> below and reinstall the Certificate according
to the instructions of your hosting provider </li>
</ul>
</a>
<ol type="a">
<a name="ursteps"> </a>
<li style="font-family:Arial, Helvetica, sans-serif;
font-size:14px; color:#434343; margin:5px 0 0 0; padding:0;
line-height:22px;"><a name="ursteps">You will need to re-issue
the SSL certificate from the Orderbox control panel by
referring the steps mentioned in the following KB article :
</a><a style="color:#30b2e6; text-decoration:none;"
target="_blank"
href="http://manage.resellerclub.com/kb/servlet/KBServlet/faq1094.html"
text="" decoration="none">http://manage.resellerclub.com/kb/servlet/KBServlet/faq1094.html</a></li>
<li style="font-family:Arial, Helvetica, sans-serif;
font-size:14px; color:#434343; margin:5px 0 0 0; padding:0;
line-height:22px;">You will need to contact your vendor to
re-issue the SSL certificate. Once the SSL certificates are
re-issued, you need to install the new certificates under the
hosting packages.</li>
<li style="font-family:Arial, Helvetica, sans-serif;
font-size:14px; color:#434343; margin:5px 0 0 0; padding:0;
line-height:22px;">You will need to install the reissued SSL
Certificate by following the instructions relevant to you from
the below options:</li>
<p style="font-family:Arial, Helvetica, sans-serif;
font-size:15px; color:#333333; margin:0 0 20px; padding:0;
line-height:22px; text-align:justify"><b>For cpanel</b>:<br>
<a style="color:#30b2e6; text-decoration:none;"
target="_blank"
href="http://docs.cpanel.net/twiki/bin/view/AllDocumentation/CpanelDocs/ActivateSSLOnYourWebsite"
text="" decoration="none">http://docs.cpanel.net/twiki/bin/view/AllDocumentation/CpanelDocs/ActivateSSLOnYourWebsite</a>
</p>
<p style="font-family:Arial, Helvetica, sans-serif;
font-size:15px; color:#333333; margin:0 0 20px; padding:0;
line-height:22px; text-align:justify"><b>For Plesk</b>:<br>
<a style="color:#30b2e6; text-decoration:none;"
target="_blank"
href="http://download1.parallels.com/Plesk/PP11/11.5/Doc/en-US/online/plesk-administrator-guide/index.htm?fileName=70920.htm"
text="" decoration="none">http://download1.parallels.com/Plesk/PP11/11.5/Doc/en-US/online/plesk-administrator-guide/index.htm?fileName=70920.htm</a></p>
</ol>
<li style="font-family:Arial, Helvetica, sans-serif;
font-size:14px; color:#434343; margin:5px 0 0 0; padding:0;
line-height:22px;">In case you use the ResellerClub API, we
strongly suggest that you regenerate your API key by logging
into your Control Panel and navigating to Settings >> API
and clicking on ‘Regenerate’ icon to get your revised API key.
Update your API calls to use the new key.</li>
<li style="font-family:Arial, Helvetica, sans-serif;
font-size:14px; color:#434343; margin:5px 0 0 0; padding:0;
line-height:22px;">If you have WHM access on the hosting
packages that you resell through us, you can use the force
password reset option in WHM to ensure that all your hosting
customers change their passwords</li>
</ol>
<br>
<p style="font-family:Arial, Helvetica, sans-serif; font-size:15px;
color:#333333; margin:0 0 20px; padding:0; line-height:22px;
text-align:justify"><b><u><a name="hrtbld">What is the Heartbleed
bug?</a></u></b></p>
<a name="hrtbld">
<p style="font-family:Arial, Helvetica, sans-serif;
font-size:15px; color:#333333; margin:0 0 20px; padding:0;
line-height:22px; text-align:justify">Heartbleed is a flaw in
OpenSSL, the open-source encryption standard used by the
majority of sites on the web that need to transmit data users
want to keep secure. It basically gives you a "secure line" when
you're sending an email or chatting on IM.</p>
<p style="font-family:Arial, Helvetica, sans-serif;
font-size:15px; color:#333333; margin:0 0 20px; padding:0;
line-height:22px; text-align:justify">Encryption works by making
it so that data being sent looks like nonsense to anyone but the
the intended recipient.</p>
<p style="font-family:Arial, Helvetica, sans-serif;
font-size:15px; color:#333333; margin:0 0 20px; padding:0;
line-height:22px; text-align:justify">Occasionally, one computer
might want to check that there's still a computer at the end of
its secure connection, so it will send out what's known as a
"heartbeat," a small packet of data that asks for a response.</p>
<p style="font-family:Arial, Helvetica, sans-serif;
font-size:15px; color:#333333; margin:0 0 20px; padding:0;
line-height:22px; text-align:justify">Due to a programming error
in the implementation of OpenSSL, the researchers found that it
was possible to send a well-disguised packet of data that looked
like one of these heartbeats to trick the computer at the other
end of a connection into sending over data stored in its memory.</p>
<p style="font-family:Arial, Helvetica, sans-serif;
font-size:15px; color:#333333; margin:0 0 20px; padding:0;
line-height:22px; text-align:justify"><b><u>How bad is that?</u></b></p>
</a><a name="vps">
<p style="font-family:Arial, Helvetica, sans-serif;
font-size:15px; color:#333333; margin:0 0 20px; padding:0;
line-height:22px; text-align:justify">It's <i>really</i> bad.
Web servers can keep a lot of information in their active
memory, including user names, passwords, and even the content
that user have uploaded to a service. But worse even than that,
the flaw has made it possible for hackers to steal encryption
keys, the codes used to turn gibberish encrypted data into
readable information.</p>
<p style="font-family:Arial, Helvetica, sans-serif;
font-size:15px; color:#333333; margin:0 0 15px; padding:0;
line-height:22px;">With encryption keys, hackers can intercept
encrypted data moving to and from a site's servers and read it
without establishing a secure connection. This means that unless
the companies running vulnerable servers change their keys, even
future traffic will be susceptible.</p>
<p style="font-family:Arial, Helvetica, sans-serif;
font-size:15px; color:#333333; margin:0 0 15px; padding:0;
line-height:22px;"><b><u>Additional details can be checked at:</u></b></p>
</a>
<p style="font-family:Arial, Helvetica, sans-serif; font-size:15px;
color:#333333; margin:0 0 15px; padding:0; line-height:22px;"><a
name="vps"></a><a style="color:#30b2e6; text-decoration:none;"
target="_blank"
href="http://forums.myorderbox.com/index.php?/topic/4952-massive-security-flaw-thats-taken-over-the-internet/"
text="" decoration="none">http://forums.myorderbox.com/index.php?/topic/4952-massive-security-flaw-thats-taken-over-the-internet/</a>
and <a style="color:#30b2e6; text-decoration:none;"
href="http://heartbleed.com" target="_blank" text=""
decoration="none">www.heartbleed.com</a></p>
<p style="font-family:Arial, Helvetica, sans-serif; font-size:15px;
color:#333333; margin:0 0 15px; padding:0; line-height:22px;">Should
you require any further information about this email, please feel
free to get in touch with us.</p>
<p style="font-family:Arial, Helvetica, sans-serif; font-size:15px;
color:#333333; margin:0 0 15px; padding:0; line-height:22px;">
Regards,<br>
Team ResellerClub </p>
<br>
<div class="moz-cite-prefix">On 4/11/14 11:01 AM, Truong Anh. Tuan
wrote:<br>
</div>
<blockquote
cite="mid:766129663.2179.1397188882794.JavaMail.zimbra@iwayvietnam.com"
type="cite">
<pre wrap="">
----- Original Message -----
</pre>
<blockquote type="cite">
<pre wrap="">From: "Thế Hùng Nguyễn" <a class="moz-txt-link-rfc2396E" href="mailto:thehung@vinades.vn"><thehung@vinades.vn></a>
To: "VFOSSA Members" <a class="moz-txt-link-rfc2396E" href="mailto:members@lists.vfossa.vn"><members@lists.vfossa.vn></a>
Sent: Friday, April 11, 2014 10:44:28 AM
Subject: Re: [VFOSSA] Fwd: Lỗi bảo mật OpenSSL HeartBleed
Các ngân hàng báo đã fix xong hết rùi.
</pre>
</blockquote>
<pre wrap="">
Cái này còn phải xét!
Anh nghĩ mấy bố admin NH chỉ làm cho có lấy thành tích thôi.
Bản chất của lỗi này là bị leak mất private key. Nên 2 năm qua, nếu có
attacker nào đã chén private key rồi thì coi như nó đã nắm khóa trong tay.
Các bé có nâng cấp bán vá thì cũng chỉ là để không bị mất key nữa, còn nếu
không thay khóa thì chúng vẫn dùng khóa cũ mở nhà mình bình thường :D
Clear??
Check thử phát cho vui, thấy ngay ACB Online [1] vẫn dùng key cũ, issue
ngày 04/08/2013 bởi VeriSign (loại Class 3 EV [2], bảo mật "cực cao" :D)
Dự là ACB sắp kiện VeriSign được đòi tiền bảo hiểm 1.5tr USD vì có SSL rồi
mà vẫn bị phá khóa :). Trừ khi VeriSign vớ vẩn thế nào lại đã đi gửi thông
báo cho từng khách hàng về việc phải re-issue lại key mới (mà việc này thì
mình không tin là một hãng như VeriSign lại không làm - vì iWay còn làm :)
Kind regards,
Tuan
[1] <a class="moz-txt-link-freetext" href="https://www.acbonline.com.vn/">https://www.acbonline.com.vn/</a>
[2] <a class="moz-txt-link-freetext" href="http://www.symantec.com/verisign/ssl-certificates/secure-site-pro-ev?fid=ssl-certificates">http://www.symantec.com/verisign/ssl-certificates/secure-site-pro-ev?fid=ssl-certificates</a>
_______________________________________________
POST RULES: <a class="moz-txt-link-freetext" href="http://wiki.vfossa.vn/guidelines:mailinglist">http://wiki.vfossa.vn/guidelines:mailinglist</a>
_______________________________________________
Members mailing list: <a class="moz-txt-link-abbreviated" href="mailto:Members@lists.vfossa.vn">Members@lists.vfossa.vn</a>
<a class="moz-txt-link-freetext" href="http://lists.vfossa.vn/mailman/listinfo/members">http://lists.vfossa.vn/mailman/listinfo/members</a>
VFOSSA website: <a class="moz-txt-link-freetext" href="http://vfossa.vn/">http://vfossa.vn/</a></pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<meta http-equiv="CONTENT-TYPE" content="text/html; charset=UTF-8">
<title>Binh Signature</title>
<meta name="GENERATOR" content="OpenOffice.org 3.3 (Unix)">
<meta name="CREATED" content="0;0">
<meta name="CHANGEDBY" content="Binh Vu">
<meta name="CHANGED" content="20131001;21421600">
<meta name="CHANGEDBY" content="Binh Vu">
<p style="margin-bottom: 0in; background: transparent"
align="LEFT"><font color="#000000"><font face="Arial,
sans-serif"><font size="2">--
</font></font></font>
</p>
<p style="margin-bottom: 0in; background: transparent"
align="LEFT"><font color="#000000"><font face="Arial,
sans-serif"><font size="2">Vu
The Binh (Mr.) | CEO</font></font></font></p>
<p style="margin-bottom: 0in; background: transparent"
align="LEFT"><font color="#000000"><font face="Arial,
sans-serif"><font size="2">NETNAM
CORPORATION</font></font></font></p>
<p style="margin-bottom: 0in; background: transparent"
align="LEFT"><font color="#000000"><font face="Arial,
sans-serif"><font size="2">18
Hoang Quoc Viet, Cau Giay, Hanoi, Vietnam</font></font></font></p>
<p style="margin-bottom: 0in; background: transparent"
align="LEFT"><font color="#000000"><font face="Arial,
sans-serif"><font size="2">(T)+84-4-37
564 907, (F)+84-4-37 561 888, (M)+84-(0)-9 0343 4477 </font></font></font>
</p>
<p style="margin-bottom: 0in; background: transparent"
align="LEFT"><font color="#000000"><font face="Arial,
sans-serif"><font size="2">(E)
<a class="moz-txt-link-abbreviated" href="mailto:binh.vt@netnam.vn">binh.vt@netnam.vn</a> ; <a class="moz-txt-link-abbreviated" href="mailto:binh@netnam.vn">binh@netnam.vn</a> (W) <a class="moz-txt-link-abbreviated" href="http://www.netnam.vn">www.netnam.vn</a></font></font></font></p>
<p style="margin-bottom: 0in; background: transparent"
align="LEFT"><font color="#000000"><font face="Arial,
sans-serif"><font size="2">--</font></font></font></p>
<p style="margin-bottom: 0in; background: transparent"
align="LEFT"><font color="#000000"><font face="Arial,
sans-serif"><font size="2">NetNam
- one of the best ISPs and Solution Providers in Vietnam,
</font></font></font>
</p>
<p style="margin-bottom: 0in; background: transparent"
align="LEFT"><font color="#000000"><font face="Arial,
sans-serif"><font size="2">specialized
in Corporate networks, Managed ICT services & security
solutions.</font></font></font></p>
<p style="margin-bottom: 0in; background: transparent"
align="LEFT"><font color="#000000"><font face="Arial,
sans-serif"><font size="2">--</font></font></font></p>
<p style="margin-bottom: 0in; background: transparent"
align="LEFT"><font color="#000000"><font face="Arial,
sans-serif"><font size="2">Your
Net, We Care! </font></font></font>
</p>
<p><a href="http://vn.linkedin.com/in/vuthebinh"><img
src="cid:part22.09060802.03090804@netnam.vn"
name="graphics2" align="BOTTOM" border="0" height="33"
width="160"></a><a
href="http://vn.linkedin.com/in/vuthebinh">
</a><font color="#000000"><font face="Times New Roman, Times,
serif"><font size="2"><br>
<a href="http://netnamonline.com/marketing/index.html"><img
src="cid:part25.03010508.02050007@netnam.vn"
name="graphics1" align="BOTTOM" border="0"
height="115" width="623"></a></font></font></font></p>
</div>
</body>
</html>