A critical security issue has been discovered in Microsoft Windows. You can read information about it here. Microsoft recommends that customers apply the suggested update immediately.

We are implementing temporary security measures on the 216.168.32.0/24 subnet that will block access to SSH (port 22). As soon as we are able to, we will enable access to this port on this subnet.

We apologize in advance for any inconvenience that this may cause and we will update this post when the security conditions return to normal.

Update: September 3rd, 2008 15:39:00: We are implementing additional security measures on our entire network that will block access to SSH (port 22). As soon as we are able to, we will enable access to this port.

We apologize in advance for any additional inconvenience that this may cause and we will update this post when the security conditions change.

Update: September 4th, 2008 10:16:00 We have restored access to port 22 across the network and we will continue to monitor the security conditions throughout the day. Thank you for your patience and understanding in this matter.

The DNS Vulnerability we made you aware of recently has been cracked and there are reports of an exploit already "in the wild." If you are running a DNS server, here at digital.forest, or anywhere else we STRONGLY suggest you patch it IMMEDIATELY. The details of this vulnerability were originally scheduled to be announced in early August, giving people time to patch their servers. Unfortunately it appears now we no longer have that time. Let me repeat: If you are running a DNS server, we STRONGLY suggest you patch it IMMEDIATELY.

We addressed this issue with our own servers within 24 hours of the original announcement. Since then we have scanned our network internally and found many DNS servers, and have begun contacting those system owners. We'll have to accelerate that process considerably. If you know you are running a DNS server, please fix it now. If you are uncertain, please check. While we are contacting system owners, it would be better for them to take a proactive approach and not wait for us to call.

Please remember: According to our terms of service we reserve the right to remove your server from our network if it is being attacked or being used to attack others. For everyone's safety and convenience it is critically important that your servers are up-to-date with their security patches. Knowingly running an insecure server puts you uptime and stability at risk.

Thank you for your attention with regard to this critical matter.

--Chuck Goolsbee
VP Technical Operations
digital.forest, Inc.

Today a major vulnerability was announced in the Domain Name Service protocol. You can read the details in the US-CERT announcement here: http://www.kb.cert.org/vuls/id/800113.

We are performing an assessment of our own DNS servers, planning to patch them, and make the configuration changes as required. We will post more on that as needed. The main purpose of this post is to inform our clients who run their own DNS servers inside the digital.forest facilities about this vulnerability. Please note that this is a fundamental vulnerability in the DNS protocol, so it is not vendor specific. This means that virtually EVERY device that can operate as a DNS server is vulnerable. We strongly suggest that you consult with your equipment and software vendors to ascertain your exposure and take appropriate action.

We'll post more information as it becomes available.