rssLink RSS for all categories
 
icon_red
icon_green
icon_red
icon_red
icon_blue
icon_green
icon_green
icon_red
icon_red
icon_red
icon_orange
icon_green
icon_green
icon_green
icon_green
icon_blue
icon_green
icon_orange
icon_red
icon_green
icon_red
icon_red
icon_green
icon_red
icon_red
icon_red
icon_red
icon_orange
icon_green
 

FS#6208 — FS#10113 — hubiC availability

Attached to Project— hubiC
Maintenance
Backend / Core
CLOSED
100%
The hubic/pcs storage system is currently impaired.

Related incident: http://status.ovh.co.uk/?do=details&id=6207
Date:  Friday, 31 January 2014, 13:11PM
Reason for closing:  Done
Comment by OVH - Wednesday, 29 January 2014, 16:29PM

The service is fully available again.


Comment by OVH - Friday, 31 January 2014, 13:11PM

On reinstating the service, we found a cache management bug.
This bug allowed 74 logins (mainly OVH monitoring robots that
make internal checks on internal login links) to see the file
list of another login. The bug was detected immediately and
we cleared the cache 20 to 30 seconds after relaunching the
service. The bug was identified within 15 minutes and fixed
20 minutes later.

We have analysed the access logs to determine who was able to
read what in the 30 seconds between relaunching the service
and deleting the cache. Only the file list on one directory
was viewed by 7 logins, and the account info for 2 logins.
No file content was read or modified.

We were able to identify this bug so quickly thanks to the
security tools set up on hubiC from the outset.
These tools enable us analyse "normal" and "unusual" activity
on an account. This system currently flags up issues internally.
We will soon be adding a double authentication process in case
of such issues arising again.