Security Advisory – “Shellshock” Vulnerability

Bango can confirm after extensive checks that no Bango systems have been affected by Shellshock (aka “The Bash bug”) or are vulnerable to this attack.

It is important that you are fully aware of Shellshock and its potential impact on you.

A critical vulnerability has been reported in the GNU Bourne Again Shell (Bash), the common command-line shell used in most Linux/UNIX operating systems and Apple’s Mac OS X.

The flaw could allow an attacker to remotely execute shell commands by attaching malicious code to environment variables used by the operating system. See https://www.us-cert.gov/ncas/alerts/TA14-268A

The current patches for CVE-2014-6271 are incomplete. An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions. The new issue has been assigned CVE-2014-7169. It is advised to install existing patches and watch for updated patches that address CVE-2014-7169.

If you believe that your system may have been compromised due to this vulnerability, we recommend that you notify Bango and immediately change your Bango passwords and credentials.

Otherwise, while it remains good practice that you change your passwords regularly, there is no requirement to change the passwords to your Bango service management log-in as a result of this vulnerability.

Bango recommends that you test your own systems regularly for security flaws, and you should also be aware that “bash” use is not limited to webservers. It is also used widely in hardware and software network products. You should test for this specific vulnerability in any of your own systems that you use to connect to Bango.
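A local check of the kind recommended above, as an added example that is not Bango's code: it probes a bash binary on your own system for the behaviour behind CVE-2014-6271 and CVE-2014-7169. The function name `check_shellshock`, the variable name `probe` and the marker string are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: behavioural self-test of a local bash binary for the two
# CVEs named in the advisory. Names used here are hypothetical.

# Usage: check_shellshock [path-to-bash]   (prints one status word)
check_shellshock() {
    bash_bin=${1:-bash}
    command -v "$bash_bin" >/dev/null 2>&1 || { echo "not-installed"; return 0; }

    # Work in a private scratch directory: on an affected shell the
    # CVE-2014-7169 probe creates a stray file in the current directory.
    scratch=$(mktemp -d) || return 2
    status=patched

    # CVE-2014-6271: an affected bash executes the text that trails a
    # function definition imported from the environment. The trailing
    # text here is only a harmless echo of a marker string.
    out=$(cd "$scratch" && env probe='() { :;}; echo MARK_6271' \
          "$bash_bin" -c ':' 2>/dev/null) || true
    case $out in
        *MARK_6271*) status=vulnerable-CVE-2014-6271 ;;
    esac

    # CVE-2014-7169: with only the first patch applied, a truncated
    # definition leaves the parser in a bad state, the next command line
    # is misparsed, and a file named "echo" appears in the directory.
    if [ "$status" = patched ]; then
        (cd "$scratch" && env probe='() { (a)=>\' \
            "$bash_bin" -c 'echo true' >/dev/null 2>&1) || true
        if [ -e "$scratch/echo" ]; then
            status=vulnerable-CVE-2014-7169
        fi
    fi

    rm -rf "$scratch"
    echo "$status"
}

# Check the bash found on PATH, or the binary given as the first argument.
check_shellshock "$@"
```

Run it against every bash binary on a host, including copies bundled with appliances or application packages, since the advisory notes that bash is not limited to webservers.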

Posted in Bango service updates

Reporting Update

We are really pleased to let you know that on August 19th there will be some updates to the reporting system.

Bango will be changing the format of exported and emailed analytics reports from Excel ’97 (.xls) to Office OpenXML (.xlsx).

This change removes the current 65,000 row limit for exported and emailed analytics reports and allows for greatly improved charting within the exported document.

Start Time: 19/08/2014 08.00 UTC
End Time: 19/08/2014 09.00 UTC

Between the above times, reporting will be paused.

If you have any questions or concerns please contact support@bango.com

Posted in Uncategorized

“Heartbleed”

We have been approached by customers and content partners to ask whether Bango has been affected by the ‘Heartbleed Bug’. We can confirm that none of our systems have been affected.

We want to ensure you are fully aware of the ‘Heartbleed Bug’. This bug has the potential to affect the OpenSSL implementation of the TLS (Transport Layer Security) protocol. Details of the bug, vulnerabilities and how to reduce exposure can be found at http://heartbleed.com

This vulnerability has been widely addressed since being discovered and announced on 7 April 2014. The bug has existed since December 2011. Before being addressed, it created the possibility for a malicious user to exploit a vulnerability in the OpenSSL code to access system memory in client and server software, potentially exposing data that might include security data such as encryption keys, private certificates and passwords.

The protocols HTTPS, FTPS and TLS are potentially vulnerable to this bug. The good news is that Bango does not use the OpenSSL library in its products and services. We have ensured those vendors providing hardware and software systems, and support to Bango, are also not affected. All of our systems have been scanned for the vulnerability both internally and externally; none are affected.

Whilst it remains good practice, and we recommend that you change your passwords regularly, there is no requirement to change passwords to your Bango service management log-in as a result of this bug. Similarly there is no requirement for us to change our SSL keys and certificates as a result of this bug. Bango rotates its SSL keys and certificates regularly and, as a matter of good security practice, we recommend you do the same.

We also recommend that you test your own systems regularly for security flaws, and you should also be aware that OpenSSL use is not limited to webservers. It is also used widely in hardware and software network products, so we recommend that you test for this specific vulnerability in any of your own systems that you use to connect to Bango.

Posted in 3rd party service updates

New Bango.com Website

Bango is delighted to announce a major upgrade of its website at bango.com

The new site provides information, news, case studies and product information. It presents Bango’s industry leading capabilities with a new structure that better reflects the way that the industry leaders see Bango.

The site has a fresh clean look, more easily used from tablets and mobiles, and is fully integrated into the Bango support systems, management tools, knowledge-base and investor site.

Posted in Bango News

New BlackBerry vendor reports portal now available!

We are pleased to announce that we have just launched a new reports portal for BlackBerry vendors. It is available now at http://blackberry.bango.com.

On the portal you can:

  • View details about your BlackBerry World Bango account
  • View real-time information about your BlackBerry World carrier billing sales
  • Generate revenue and transaction reports
  • View and save POs, invoices and indicative earnings reports
  • Export all your reports in CSV and Excel formats; some can also be exported as XML or PDF too

Please note: Bango customer services can no longer provide any revenue reports directly. You will need to use the portal to generate your reports.

To activate your account please go to https://blackberry.bango.com and click the ‘Sign in’ link at the top right of the page. Then, on the Sign in popup click ‘Forgotten password’.

Enter the primary email address that you have registered with your BlackBerry World vendor account and click the ‘Email password’ button.

To find your BlackBerry World primary email address:

  1. Login to the BlackBerry World Vendor Portal (https://appworld.blackberry.com/isvportal)
  2. Select ‘Manage Account Details’
  3. Scroll midway down the page and look for ‘Primary Email’

You’ll receive an email from noreply@bango.com containing an activation link. Click the link to set your password and activate your account.

Posted in System Updates, Uncategorized

Improvements to out payment reports

At Bango we are continually refining the efficiency of our processes, to ensure transparency and maximize your earnings. We are moving from estimated earnings based on currency conversions at the time of purchase to more accurate settlement invoices based on actual currency conversion rates used once payments have been received from each of our operator billing partners. This removes exchange rate estimates in the money flow and accurately reflects the settlement from our billing partners.

Going forward we will provide indicative earnings reports that show all your transactions in local currency, after the month end. This report will give you a guide to your final payment using the exchange rates in effect at the time you access your report. A table of rates will be made available at all times for your convenience. The final amount transferred to you will be reported separately on a settlement invoice which will be sent out to you a week before the normal settlement date. This amount will be calculated using the exchange rate in effect at the date of invoice. There will be no change to the usual payment dates.

We are also working on further developments to give you greater clarity on your payment flow. This includes more flexibility in out payment currencies and minimum payment thresholds. More information on this will follow.

Regards

Bango Customer Services

Posted in Billing Updates

Changes to BlackBerry developer pay out

There have been clear calls from the BlackBerry developer community for a degree of control and flexibility over when to trigger pay out. We’ve recently kicked off a major development project aimed at fine tuning our developer tools and pay out system, and we can confirm that we’ve added this functionality to the project.

The vision is that developers are able to choose a trigger value for pay out, and are able to request a pay out in the current month, subject to BlackBerry World requirements. We can’t put a date on this functionality right now as it is dependent on wider development work which is currently in process, but we will keep the community informed through this blog.

Posted in Bango service updates