Fastly internet outages affecting Europe and North America

A number of retail, news and social media websites experienced internet downtime caused by an outage at the global website cloud hosting service, Fastly.

For an hour from 11am BST today, users of Fastly’s hosting service including gov.uk, PayPal, Amazon and a whole host of other major company websites were greeted with and “Error 503 Service Unavailable” detailing problems with the cache server.

By 12.09pm BST, Fastly released a statement saying that their global network was coming back online and that it had been “investigating potential impact to performance with our CDN [content delivery network] services”. However, users were still met with slow loading times and sporadic access to multiple companies’ websites.

Error 503 message that greeted those trying to access the affected websites

When functioning correctly, CDNs such as Fastly aim to improve website security from denial-of-service attacks and reduce loading time for images, videos and HTML pages whilst managing sudden web traffic clusters for their customers’ websites.

ESET commented on the outage and its implication going forward with “whether it be malicious or otherwise, this highlights the importance and significance of these vast hosting companies and what they represent” – adding weight to the growing responsibility that these CDN providers have over global Internet control and access.

The outage raises security concerns over the over-centralisation of the internet in the hands of a few major hosting providers and asks questions about its reliability in the future should a larger scale problem like this occur again – demonstrating that we have not learned our lesson from the past hosting service outages as exemplified by the Cloudfare crash of 2019.

Full list of all websites affected below:

AFR, Age, Amazon, Boots, BuzzFeed, CNN, Deliveroo, Etsy, Evening Standard, Financial Times, Giphy, Horse and Hound, IGN, Imgur, Independent, Kickstarter, Le Monde, New York Times, PayPal, Pinterest, Reddit, Royal Mail, SMH, Spotify, Taboola, The Guardian, The Verge, Twitch, Twitter, UK Government website (including HM Revenue and Customs), Vimeo and Weightwatchers

 


7.5 Million at risk from out-of-date ISP routers

Consumer watchdog Which? have investigated 13 legacy router models supplied by leading UK internet service providers (ISPs) including EE, Sky, TalkTalk, Virgin Media and Vodafone – a report discovered that around 7.5 million internet users are at risk from out-of-date hardware.

Out of the 13 router models investigated, 9 presented pressing security flaws that are unlikely to be in compliance with upcoming UK government legislation around tackling the security of connected devices.

The new legislation is in response to government figures showing that 49% of UK residents have purchased at least one smart device since the start of the COVID-19 Pandemic. Due to this huge increased national scope of vulnerability to potential cyber-attacks, the proposed legislation will ban easy to guess default passwords across all, enforces policies to make it easier to report software bugs that can be exploited by hackers on legacy or modern hardware.

Kate Bevan, Which?’s Computing Editor, commented that “proposed new government laws to tackle devices with poor security can’t come soon enough – and must be backed by strong enforcement.” Which? are simultaneously pushing for increased transparency from ISPs about how customers automatically or manually update their routers and how they should actively upgrade existing customers who are identified as being in the ‘at risk’ category.

Of those 7.5 million affected, 6 million users currently possess ISP hardware that has not been updated since 2018 and a few instances even as far back as 2016 – meaning that these vulnerable devices have not received security updates for defence against the latest threats posed by cybercrime.

A cluster of three main problems with ISP legacy hardware were identified by Which? ranging from weak default passwords that allow cybercriminals unlimited access to a router from anywhere, a lack of firmware updates and a local network vulnerability issue with EE Brightbox 2 giving potential hackers full control of the router to install malware or malicious spyware.

In response, Virgin Media have openly rejected Which?’s report conclusions; saying that 9 out of 10 customers are using their latest router models and are benefiting from regular router security updates. This sentiment was mirrored by BT Group (owners of EE), TalkTalk and Vodafone who announced that the HHG2500 device included in the Which? report has not been supplied since August 2019.

Devices with weak default passwords: TalkTalk HG635, TalkTalk HG523a, TalkTalk HG533, Virgin Media Super Hub 2, Vodafone HHG2500, Sky SR101 and Sky SR102.

Routers affected by lack of updates: Virgin Media Super Hub, Virgin Media Super Hub 2, Sky SR101, Sky SR102, TalkTalk HG523a, TalkTalk HG533 and TalkTalk HG635.

Routers that passed the Which? security tests: BT Home Hub 3B, BT Home Hub 4A, BT Home Hub 5B and Plusnet Hub Zero 2704N


Internet Providers Announce 2021 Broadband Price Rises

A number of major UK internet service providers (ISPs) have announced above-inflation broadband price rises for 2021.

Virgin Media says an average customer will face a 4% rise this year – announcing that the increase is part of a plan to invest £1 billion in its network infrastructure.

BT, EE and Plusnet have also amended their terms of service, and are expected to publish above-inflation price rises over 4% shortly. Sky have already raised prices, with some customers seeing increases of up to 10%.

Ofcom figures suggest market rates for broadband have remained broadly consistent over the course of the last decade prior to 2020 – driven in part by more of the UK being brought on-stream under Openreach’s superfast fibre roll-out.

broadband price rise

Although network investment is likely to be welcomed, many customers will no doubt suspect ISPs are raising profits at a time that the UK is particularly dependent on home use of connectivity.

Where investment also supports fibre-to-the-premises (FTTP) rollouts, the increase may also represent a regressive step – charging customers in less well-connected parts of the country with slower broadband to fund upgrades in already better-connected areas.

Approximately 41% of broadband customers are not in contract, and the best deals are gained by those who look for options rather than renewing automatically. New Ofcom rules mean that price rises from an ISP allow escape from contract terms, giving customers other options.

Contact Lineal – Placing your connectivity with a trusted IT provider can be both more organised, and sometimes better value. Contact us today!


End Net Neutrality, rules FCC

Net Neutrality looks set to end in the USA, following a landmark 3-2 decision by the Federal Communications Commission (FCC.)

The ruling will permit American internet providers to cease treating all internet traffic equally, and permit the blocking or throttling of certain types of internet traffic or charging for access non-uniformly – providing the restrictions are released publicly.

Opponents of Net Neutrality fear the lifting of restrictions will pave the way for anti-competitive behavior in the US and ultimately around the world – with internet service providers (ISPs) deliberately impairing services provided by competitors to make their own offering appear superior. Imagine ISPs degrading each other’s parent-company video streaming services, and you get the picture.

This latest ruling u-turns on the 2015 decision to guard against anti-competitive practices, and will be politically controversial – passed strictly down party lines with the committee’s three Republicans, including Trump-appointed Chairman and former Verizon lawyer Ajit Pai voting in favour, and two Democrats voting against.

Consumer protection has, if anything, become slightly stricter in the UK following recent Ofcom decisions, whilst across the pond, 2017 is expected to go down in internet history as a year of dramatic internet deregulation. Internet usage crosses national borders of course, with the international affect of the FCC’s decision being ours to speculate on.

The end of Net Neutrality won’t kill the internet, but it’s likely some intelligent individuals will be developing discretely advantageous ways for their own business interests to benefit financially from preferential treatment online, or profit from those who wish to do so.

Long term, any introduction of ‘toll-road’ style access is likely to act as a barrier to entry to newer technology companies, to the benefit of more established providers.