RBCommons and Cloudflare: Don’t worry, be happy!

There was a major security breach announced this week by Cloudflare, a popular service used by millions of sites. This security breach affected customers around the world, causing passwords, API tokens, private conversations, and more to be leaked into search engines and people’s browser sessions.

You probably have a lot of passwords you’ll need to change this week, but don’t worry, RBCommons does not use Cloudflare, nor do the services RBCommons depends on. Your information is safe!

We recommend that you take the time to ensure you’re using strong, unique passwords (ideally stored in a password manager like 1Password or LastPass), and enable two-factor authentication on RBCommons to make your account even more secure.

To learn more about the Cloudflare security breach, and how it affects you, read their disclosure and see the list of sites using Cloudflare to see if you may be at risk.

Read More

RBCommons and this week’s security news

This has been an interesting week on the Internet, security-wise. A vulnerability in the Bash shell (named “Shellshock”) was announced that allows remote execution of code on unpatched servers with certain configurations. Separately, an undisclosed vulnerability in Xen forced AWS and Rackspace to announce mandatory reboots of many of their customers’ servers. (See Amazon’s announcement and Rackspace’s announcement for more details.)

We’d like to give an overview of how all this is affecting RBCommons and, in turn, you.

We keep a close eye on all security updates available for the software and libraries we use, and are quick to patch our servers as fixes roll out. We’ve also performed many tests to ensure that malicious Shellshock HTTP requests do not impact us. Your data is safe.

Some of the services we use were affected by the mandatory AWS and Rackspace reboots. Earlier today, our mail provider, Mailgun, was temporarily down during the outage, which may have resulted in missing or delayed e-mails for those working on Sunday.

We’ve had a few rare DNS lookup failures, resulting in errors when visiting pages or otherwise interacting with RBCommons. There have only been four so far, and are temporary. If you see a random error loading a page, please just try again. We know this failure has affected a number of other AWS customers as well.

Tonight at 11PM PST, Amazon is scheduling some of our servers for a 6 hour maintenance window. This isn’t the first set of our servers to have undergone the mandatory maintenance, and we aren’t expecting any interruption to RBCommons during this time. However, we may be running at reduced capacity for about 20-30 minutes. We will be monitoring things closely.

If you are repeatedly hitting problems with RBCommons, please contact us!

We’ll post further updates if there’s anything to report.

Read More