Fastly internet outages affecting Europe and North America

A number of retail, news and social media websites experienced internet downtime caused by an outage at the global website cloud hosting service, Fastly.

For an hour from 11am BST today, users of Fastly’s hosting service including gov.uk, PayPal, Amazon and a whole host of other major company websites were greeted with and “Error 503 Service Unavailable” detailing problems with the cache server.

By 12.09pm BST, Fastly released a statement saying that their global network was coming back online and that it had been “investigating potential impact to performance with our CDN [content delivery network] services”. However, users were still met with slow loading times and sporadic access to multiple companies’ websites.

Error 503 message that greeted those trying to access the affected websites

When functioning correctly, CDNs such as Fastly aim to improve website security from denial-of-service attacks and reduce loading time for images, videos and HTML pages whilst managing sudden web traffic clusters for their customers’ websites.

ESET commented on the outage and its implication going forward with “whether it be malicious or otherwise, this highlights the importance and significance of these vast hosting companies and what they represent” – adding weight to the growing responsibility that these CDN providers have over global Internet control and access.

The outage raises security concerns over the over-centralisation of the internet in the hands of a few major hosting providers and asks questions about its reliability in the future should a larger scale problem like this occur again – demonstrating that we have not learned our lesson from the past hosting service outages as exemplified by the Cloudfare crash of 2019.

Full list of all websites affected below:

AFR, Age, Amazon, Boots, BuzzFeed, CNN, Deliveroo, Etsy, Evening Standard, Financial Times, Giphy, Horse and Hound, IGN, Imgur, Independent, Kickstarter, Le Monde, New York Times, PayPal, Pinterest, Reddit, Royal Mail, SMH, Spotify, Taboola, The Guardian, The Verge, Twitch, Twitter, UK Government website (including HM Revenue and Customs), Vimeo and Weightwatchers

 


32,000 Microsoft Exchange servers still at risk from Hafnium cyber breaches

Microsoft has announced that up to 92% of all stand-alone Exchange servers have been patched, following a mass data breach by Chinese state-sponsored Hafnium cybercrime group.

A mass attack on zero-day Exchange servers through four security vulnerabilities was identified and exploited by Hafnium in early March. Those with at risk servers, according to Microsoft VP Tom Burt, are recognised as 400,000 on-premise Exchange servers belonging to multiple government and corporate data centres including defence contractors, schools and other entities globally.

Consequently, the ProxyLogon security fixes released on 2nd March have mitigated this number significantly with 92% of Exchange servers now protected under the new patches. Nevertheless, Microsoft states that around 32,000 servers remained unpatched and vulnerable to Hafnium cybercrime including theft of confidential sensitive data together with installation of ransomware and ‘corrupted web shells’, such as China Chopper, allowing unrestricted external access to the unpatched Exchange servers.

These security fixes are in conjunction with Microsoft’s Exchange on-premises mitigation tool (EOMT) which installs defender scripts and dependency downloads whilst automatically running the Safety Scanner; troubleshooting any identified problems on the Exchange servers.

However, the patches do not protect servers that have already been compromised from further exploitation, therefore Microsoft has advised that organisations administrators scan their stand-alone networks for potentially installed malicious software and scripts in addition to the scans of EOMT.

The attacks themselves have raised questions over the security maintenance of in-house email servers and adds weight to the growing adoption of cloud-based internet email.


Has Microsoft been tracking your Computer?

 

Almost certainly – but don’t panic. Details of anonymous data gathered from Windows 10 users were released this week, with Microsoft publishing more usage information surrounding Windows 10 tracking.

In a blog post, Microsoft explained that the data is gathered for “Standard diagnostic, anonymous analytics that enables us to deliver the best Windows 10 experience possible.”

Via Windows 10 tracking, Microsoft have now measured more than 200 million active devices running the new operating system, 2.4 billion search questions asked of Virtual Assistant Cortana, and more than 44.5 billion minutes spent using the new Microsoft ‘Edge’ browser.

Routine data collection is unlikely to concern most users – and has clearly been announced to show Windows 10’s success. Microsoft also casually notes that the new operating system, released in the summer of 2015, has been “Outpacing… Windows 8 by nearly 400%.”

The accelerating adoption of Windows 10, including among 22 million Enterprise and Education customers, offers Microsoft renewed hope for growing the user base of associated products, such as Azure cloud computing, Windows Phone and the impressive Office365.

If concerned, users can ‘turn off’ all feedback (aside from error reports) by setting the feedback option to ‘Basic’ in their settings.

Taking a more nuanced view, this admission illustrates an industry ever more capable (and willing) to be flexible with privacy concerns of customers in the quest for the perfect user experience.

 

Need Windows IT support and advice? Contact Lineal today: www.lineal.co.uk or 01271 375999