Tuesday, January 29, 2019

Meet the Team: Zach Vidibor

The Bitnami team is a diverse group of talented people distributed all over the world. Get to know them better through this series of blog posts.

Zach is the Head of Enterprise Sales and is part of our remote team based in London, UK.

A Brief Bio

Although I was born and raised in Silicon Valley (Mountain View to be exact), my journey into technology was never one I planned. In my younger years I thought I would either be a professional mountain climber, a Navy SEAL, or a mechanical engineer...but somehow by the time I got to college I ended up studying political science and working at a radio station. And, not surprisingly, by the time I was finishing college, all I knew was I still didn’t know what I wanted to do. I ended up getting a sales job for a company called Ricoh, selling printers and copiers. Anyone who’s had a job like this before will know, it’s a very difficult ‘first sales job’ to have, and didn’t leave me thinking this was my future either. But, I had the good fortune of running into a very old family friend at a party and striking up a conversation about what I should do next. She was an early employee at LinkedIn and suggested I meet with some people over there who were building out their first inside sales org. Needless to say, I met some amazing people and this is where everything changed as they say. I’ve been in technology sales ever since. What I found out was that sales was something radically different than I had thought, and was something that I could find great satisfaction in. I’ve always been extremely passionate and interested in how things work, and I discovered sales was a path to getting behind the scenes and discovering how countless different businesses function. On top of that, I could bring in technology to help people fix, improve, and transform their businesses. That is what I ultimately fell in love with about technology and my career in sales.

Why did you join Bitnami and what excites you about working here?

Bitnami is exciting for me for so many reasons. First, I’ve always loved stories about companies that ‘punched above their weight’ so to speak. The companies that everyone’s heard of, but don’t realize how big of an impact they’ve had until you’re on the inside. As I began to peel back the layers I saw that while Bitnami was not a very large company it had incredible reach, partnerships, and influence. On top of that, all of the people that I met across the board were just downright impressive individuals. I know it’s cliche to say it’s the people, but it really was the case for me. I found a group of people that I wanted to learn from and build with. From a business standpoint I was fascinated by all of the unique skills and capabilities the company has, and the different areas this gives us an opportunity to be relevant in. From a technology standpoint, there were many things I found very interesting, but our work in Kubernetes was the most exciting to me. The company I was at prior to Bitnami relied heavily on Kubernetes - I saw up close the leverage and velocity it enabled for the business and knew I had to be involved with it in some capacity going forward.

What are you working on?

Right now I’m working on helping Bitnami bring all of our unique technology and expertise to the enterprise. Specifically I’m focused on our direct sales efforts, building alliances with partners, and our overall go-to-market strategy.

Enjoying the, "best meal of his life" while traveling with his wife!
What do you like to do for fun?

More than anything else, my wife and I love to travel and explore. We like to do that not only in far away places, but also find all those hidden gems right in our backyard. No matter where we are, I love to eat and cook... a lot. My most cherished possessions are probably my cast iron pan and Japanese knives if that gives you any idea. I also love to mountain bike and snowboard whenever I get the chance.

Interested in working with Bitnami and Zach? Apply for one of our open positions!

Thursday, January 24, 2019

Security vulnerability in the PEAR download manager

The PEAR maintainers found a security breach in their server and published a security announcement about it. In this case, the PHP PEAR package manager (go-pear.phar) included malicious code and  the PEAR maintainers still in the process of analyzing it.

We would like to inform you that the "go-pear.phar" tool is not included in Bitnami solutions. All our solutions use PEAR from PHP source code that is not affected.

If you downloaded the go-pear.phar file after December 20th, 2018, you should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes. If the file hashes are different then you may have the infected file.

If you have additional questions about this security issue, post them in our community forum, and we will be happy to help you.

Wednesday, January 23, 2019

APT security update - CVE-2019-3462

A new security vulnerability was discovered in the Advanced Package Tool, or APT, the high-level package manager for Debian, Ubuntu, and related Linux distributions.

The tool does not sanitize fields in HTTP redirections and so could be used for man-in-the-middle attacks that inject malicious content in the HTTP connection between APT and a mirror. You can find more information in the official announcement.

You can now disable redirects to prevent exploitation or upgrade the system’s package to a version that fixes the vulnerability:

  • Upgrade the package

Run the following commands to install the latest version of the package:

    sudo apt-get -o Acquire::http::AllowRedirect=false update
    sudo apt-get -o Acquire::http::AllowRedirect=false install apt -y

The fixed versions are:
  • Debian 8.x: Version and later versions
  • Debian 9.x: Version 1.4.9 and later versions
  • Ubuntu 14.04: Version 1.0.1ubuntu2.19 and later versions
  • Ubuntu 16.04: Version 1.2.29ubuntu0.1 and later versions

To check the current version of your APT package, please run this command:

    apt --version

  • Disable redirect

In case you can not upgrade the APT package right now, use the following option when running any apt command:

    -o Acquire::http::AllowRedirect=false

If you have additional questions about this security issue, post them in our community forum, and we will be happy to help you.