Last year, we successfully implemented an updated account portal (https://billing.touchsupport.com/) that offers additional benefits and features compared to our current system (https://legacy-billing.touchsupport.com/).

Over the next month, we will be hard at work migrating all accounts to the updated portal so that you can experience the most recent enhancements! The new account portal provides secure access to pay invoices, review service details, open support requests and manage devices.

Once your account is migrated, you will notice immediate improvements:

• Enhanced communications and support
• Improved user experience

Additionally, customers with hosted data center solutions in one of our data centers will be able to take advantage of:

• Bandwidth monitoring
• Detailed metrics reporting
• IP address tracking
• Remote reboot control
• Sophisticated monitoring

The security and accuracy of your account data is paramount and we understand the potential pitfalls of any type of migration. To ensure a smooth transition, we will be manually migrating accounts, one at a time, using the following process:

Pre-Migration
We will utilize a detailed checklist to prep your account for a successful migration. After the pre-migration checks are complete, we'll notify you that your account is ready and scheduled for migration.

Migration
We will complete a zero-downtime migration of your account data to https://billing.touchsupport.com/

Post-Migration
The accuracy of your account data will be verified by the migration team. We'll notify you that the migration process is completed so that you can login to review your account and update your billing and contact information, if necessary.

Answers to commonly asked questions regarding the migration are listed below:

Q: When will I be able to access the updated account portal?
A: During the migration you will receive new login credentials for https://billing.touchsupport.com/ and you can login at that time.

Q: How will I receive my new login credentials?
A: Your new login credentials will be sent via e-mail to the primary e-mail address listed on your current account.

Q: Is there anything I need to do?
A: Due to security guidelines from our credit card processing vendor, credit card data cannot be migrated with your account data. Once you receive your new login credentials, please log into the new portal and re-enter your credit card information if you wish you continue automated billing each month. We apologize in advance for the inconvenience this causes.

Q: What if I have an active PayPal subscription that automatically sends payment each month?
A: Due to security guidelines from PayPal, your subscription cannot be modified to work with our updated account portal. Please cancel any active PayPal subscriptions by following the instructions listed at https://www.paypal.com/us/webapps/helpcenter/helphub/article/?articleID=FAQ2327

Once you receive your first invoice from our updated portal, you will have the ability to create a new PayPal subscription. We apologize in advance for the inconvenience this causes.

Q: I have an account credit balance. What will happen to it?
A: Any account credit(s) will be transferred during the migration and will be applied to future invoices.

Q: Is there any downtime associated with the migration?
A: No, not at all. You will have full access to your new account portal and legacy account information during and after the migration.

If you have any questions, please let us know by opening a new request at https://support.touchsupport.com/index.php?/Tickets/Submit

Upcoming Maintenance Notification

Touch Support staff will be conducting software upgrades on our Load Balancing and Traffic Management appliances.

The following services will be affected and will be unavailable during the outage:

Project Management Tracking System (https://project.generalsupport.net/)
Enterprise Billing, Device Tracking and Support System (https://ubersmith.generalsupport.net/)
Outsourced Support Billing System (https://billing.touchsupport.com/)
Knowledge Base and Support System (https://support.touchsupport.com/)

Purpose: Upgrade firmware on F5 BIG-IP Firewall and Traffic Management Hardware
Duration: Up to 240 minutes
Start of maintenance window: December 28th, 2014 at 8:00pm EST
End of maintenance window: December 29th, 2014 at 12:00am EST

​During the scheduled maintenance window all systems that are currently configured to route connections through the F5 hardware appliances will be offline for the duration of the upgrade. Touch Support engineers will work diligently to assure that data integrity is maintained and downtime is kept to a minimum.

Our website (http://www.touchsupport.com/), will be online and reachable throughout the maintenance window.

Immediate Assistance: For immediate assistance during the outage please contact us via live chat.  Alternatively, you can reach us at (888) 45-TOUCH.
Outage Updates: For updates during the outage please visit our out-of-band information center.

This information has been posted here for your convenience.  Additionally, if you have any comments, questions, or concerns regarding this outage please simply reply to this e-mail.  Thank you!

Regards,
Jason Hamilton
CTO
Touch Support, Inc.

A major vulnerability in the Bash shell has been disclosed yesterday.

This vulnerability may impact many websites, content management systems, web applications and web server platforms. Any shell execution or shell function that is performed by a web application, including the storage of request data in environment variables, may present an attack vector that allows the execution of arbitrary code.

What this means:

Systems that have not updated their version of ‘bash’ and who provide web hosting in any form may allow remote attackers to upload files, execute arbitrary commands, capture sensitive data, generate SPAM and more.

This vulnerability was announced yesterday and the community has not had time to research the impact this has on individual products, but this may turn out to be one of the most significant vulnerabilities reported this year. You will likely start hearing about it in mainstream press as the week progresses.

What to do:

If you're currently subscribed to one of our server administration plans, our staff is already hard at work updating the version of 'bash' to keep your server up-to-date.  These should be no interruption to service for any customer while this upgrade is happening.

Otherwise, if you are the administrator of a Linux server, update your version of ‘bash’ to a patched version immediately.

For example, an update for Ubuntu has already been released. If you are running Ubuntu, executing ‘apt-get update’ and then ‘apt-get upgrade’ without quotes should fix the issue for you.

The Touch Support difference:

We install a unique set of tools onto your server(s) when you sign-up for one of our server administration plans.

When these types of vulnerabilities arise, our team quickly identifies them and develops a plan to keep your data safe, which typically include software updates that are rolled out to all affected servers. Then, we check to make sure they are no longer vulnerable. But, we don't stop there.

Our proprietary system administration tools are then updated to include a check for the specific vulnerability so that our administrators are instantly notified in the future if there is an issue.

For more information:

Please reference the following sites for additional details:

https://access.redhat.com/articles/1200223

https://access.redhat.com/security/cve/CVE-2014-6271

SUMMARY
cPanel, Inc. has released EasyApache 3.26.7 with Apache version 2.2.29. This release addresses vulnerabilities CVE-2014-0118, CVE-2014-0231, CVE-2014-0226 and CVE-2013-5704. We encourage all Apache 2.2 users to upgrade to Apache version 2.2.29.

AFFECTED VERSIONS
All versions of Apache 2.2 before version 2.2.29.

SOLUTION
cPanel, Inc. has released EasyApache 3.26.7 with an updated version of Apache 2.2 to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of Apache.

REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0118
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0231
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0226
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5704
http://apache.cs.utah.edu//httpd/CHANGES_2.2.29

cPanel, Inc. has released EasyApache 3.26.3 with PHP version 5.5.15, Libxslt version 1.1.28 and Libxml2 version 2.9.1. This release addresses PHP vulnerability CVE-2014-4670 by fixing a bug in the SPL component, CVE-2012-6139 by fixing a bug in Libxslt, and fixes bugs in Libxml2 to address the following CVEs: CVE-2012-5134, CVE-2013-0338, CVE-2013-0339, CVE-2013-1969, and CVE-2013-2877. We encourage all PHP 5.5 users to upgrade to PHP version 5.5.15, and all users to upgrade to Libxslt version 1.1.28 and Libxml2 version 2.9.1.

AFFECTED VERSIONS
All versions of PHP 5.5 before 5.5.15.
All versions of Libxslt before 1.1.28.
All versions of Libxml2 before 2.9.1.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-4670 - MEDIUM

PHP 5.5.15
Fixed a bug in the SPL component related to CVE-2014-4670.

CVE-2012-6139 - MEDIUM

Libxslt 1.1.28
Fixed a bug in the Libxslt library related to CVE-2012-6139.

CVE-2012-5134 - MEDIUM

Libxml2 2.9.1
Fixed an out of bound access bug in the Libxml2 library related to CVE-2012-5134.

CVE-2013-0338 - MEDIUM

Libxml2 2.9.1
Fixed a bug in the Libxml2 library related to CVE-2013-0338.

CVE-2013-0339 - MEDIUM

Libxml2 2.9.1
Fixed a bug in the Libxml2 library related to CVE-2013-0339.

CVE-2013-1969 - HIGH

Libxml2 2.9.1
Fixed buffer conversion bugs related to CVE-2013-1969.

CVE-2013-2877 - MEDIUM

Libxml2 2.9.1
Fixed a bug in the Libxml2 library related to CVE-2013-2877.

SOLUTION
cPanel, Inc. has released EasyApache 3.26.3 with updated versions of PHP 5.5, Libxslt and Libxml2 to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest versions of PHP, Libxslt and Libxml2.

REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4670
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6139
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5134
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0338
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0339
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1969
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2877
http://php.net/ChangeLog-5.php#5.5.15
http://xmlsoft.org/ChangeLog.html
http://xmlsoft.org/Libxslt/ChangeLog.html

Hello,