Posts with «internet & networking technology» label

Google Cloud outage takes down Spotify, Snapchat, Etsy and more sites

A Google Cloud network issue has taken down a handful of prominent websites today, including Spotify, Snapchat, Etsy and Discord. Google says the issue is partially resolved as of 1:17PM ET, but a full fix is still incoming. Affected websites will display 404 error messages and there is no workaround on the customer side.

We are aware of an issue with Google Cloud Platform. See our status dashboard for details:

— Google Cloud (@googlecloud) November 16, 2021

Users began reporting issues with some sites Tuesday just before 1PM ET, and Google Cloud confirmed the networking problem at 1:10PM ET. 

"We apologize to all who are affected by the disruption," the company wrote.

FBI email servers were hacked to target a security researcher

The FBI appears to have been used as a pawn in a fight between hackers and security researchers. According to Bleeping Computer, the FBI has confirmed intruders compromised its email servers early today (November 13th) to send fake messages claiming recipients had fallen prone to data breaches. The emails tried to pin the non-existent attacks on Vinny Troia, the leader of dark web security firms NightLion and Shadowbyte.

The non-profit intelligence organization Spamhaus quickly shed light on the bogus messages. The attackers used legitimate FBI systems to conduct the attack, using email addresses scraped from a database for the American Registry for Internet Numbers (ARIN), among other sources. Over 100,000 addresses received the fake emails in at least two waves.

The FBI described the hack as an "ongoing situation" and didn't initially have more details to share. It asked email recipients to report messages like these to the bureau's Internet Crime Complaint Center or the Cybersecurity and Infrastructure Security Agency. Troia told Bleeping Computer he believed the perpetrators might be linked to "Pompomourin," a persona that has attacked the researcher in the past.

Feuds between hackers and the security community aren't new. In March, attackers exploiting Microsoft Exchange servers tried to implicate security journalist Brian Krebs using a rogue domain. However, it's rare that they use real domains from a government agency like the FBI as part of their campaign. While that may be more effective than usual (the FBI was swamped with calls from anxious IT administrators), it might also prompt a particularly swift response — law enforcement won't take kindly to being a victim.

These fake warning emails are apparently being sent to addresses scraped from ARIN database. They are causing a lot of disruption because the headers are real, they really are coming from FBI infrastructure. They have no name or contact information in the .sig. Please beware!

— Spamhaus (@spamhaus) November 13, 2021

Verizon partners with Amazon to offer satellite internet in rural areas

Amazon's internet satellites will be put to work expanding rural broadband coverage. CNBCreports Verizon is teaming with Amazon to improve fixed wireless internet access in rural areas in the US. The alliance will initially concentrate on expanding Verizon's LTE and 5G service using Amazon's Project Kuiper for "backhaul," boosting coverage in areas with little or no high-speed data.

Amazon and Verizon later hope to offer unified internet access for industries worldwide, including smart farms and transportation. For now, they're establishing technical requirements for rural broadband using Project Kuiper antenna tech already in development.

The two didn't provide a timeline for this satellite-augmented service. Amazon recently lined up rocket launches for Project Kuiper, but it doesn't expect to have half its satellites in low Earth orbit until 2026. The full constellation is expected no later than July 2029.

There's an enemy-of-my-enemy aspect to this deal. Amazon and Verizon are racing to compete with SpaceX's rapidly developing Starlink service — they both risk losing customers if Starlink claims too strong a foothold, including corporate clients like Google. All the same, Americans might not mind if this brings fast internet access to more parts of the country. Rural internet coverage is still far from complete, even with the FCC investing billions in 5G — this could fill in the gaps without having to wire as much of the countryside as before.

Microsoft says SolarWinds hackers may have breached 14 more companies

Microsoft has shared more details about a recent cyberattack campaign orchestrated by the Russian state-sponsored group blamed for last year's devastating SolarWinds hack. The company's cybersecurity experts warned that Nobelium is once again trying to access government and corporate networks around the world, despite President Joe Biden sanctioning Russia over previous cyberattacks.

According to Microsoft, the group is using the same strategy it employed in the successful SolarWinds attack — targeting companies whose products form core parts of global IT systems. In this campaign, Microsoft says, Nobelium has focused on a different aspect of the IT supply chain, namely resellers and service suppliers that provide cloud services and other tech.

The company says it has informed more than 140 providers and resellers that the group has targeted them. It believes Nobelium breached up to 14 of these companies' networks. However, Microsoft says it detected the campaign in its early stages in May, which should help mitigate the fallout.

Microsoft notes these hack attempts are part of a huge series of attacks conducted by Nobelium over the last few months. Between July 1st and October 19th, it told 609 of its customers that Nobelium had attempted to hack them on 22,868 occasions, with fewer than 10 successes. In the three years prior to July 1st, Microsoft told its customers about 20,500 attacks from all nation-state actors — not just Nobelium.

"This latest activity shares the hallmarks of Nobelium’s compromise-one-to-compromise-many approach and use of a diverse and dynamic toolkit that includes sophisticated malware, password sprays, supply chain attacks, token theft, API abuse [and] spear phishing," Microsoft's security intelligence division wrote in a tweet. Nobelium has also been known as Cozy Bear and APT29.

In 2020, hackers created a backdoor in a SolarWinds product called Orion, which was used by around 30,000 customers in the public and private sector. Nobelium is said to have carried out further hacks on the systems of nine US agencies and around 100 companies. Other hackers piggybacked onto the backdoor to facilitate their own attacks. The US sanctioned six Russian companies and 32 individuals and entities in April over alleged misconduct connected to the SolarWinds attack and attempts to interfere with the 2020 presidential election.

"This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling — now or in the future — targets of interest to the Russian government," Tom Burt, Microsoft's corporate vice president of customer security and trust, wrote in a blog post.

Brave’s privacy-first search engine is now built in to its browser

Brave is very confident in its privacy-centric search engine — so much so that it's giving Google the boot. As of today (October 19th), Brave will use the engine as its browser's default search tool, replacing Google in the US, UK and Canada. It'll also supplant DuckDuckGo in Germany and Qwant in France, with more countries seeing the switch in the "next several months."

Your browser will keep its existing search engine settings, and you can always pick Google or another competitor if you're so inclined. The change in defaults is available across desktop releases as well as Android and iOS.

Brave Search is effectively billed as the anti-Google engine. It doesn't track you, your search history or what you've clicked. While its independent index won't necessarily be robust as Google's, Brave is betting that the default position will significantly boost adoption.

You can help improve the results, too. Brave has launched a Web Discovery Project that lets volunteers contribute data to improve Brave Search's overall quality. The feature is anonymous and makes the data "unlinkable," rendering it useless to ad customers or hackers. It runs automatically as you browse. The opt-in nature will limit WDP's usefulness, but Brave is clearly hoping to find enough participants that it narrows gaps with heavyweight rivals.

Google mobile search results get ‘continuous scrolling’ treatment

You’ll soon have an easier time scrolling through search results on your phone. In the US, Google is rolling out a tweak that does away with the “See more” prompt you’ve had to tap on previously to load additional search results on mobile devices. Now, when you get to the bottom of a set of results, the company’s search engine will instead automatically load the next page for you, allowing you to continuously scroll until you find a website you want to visit.

You should see the change on both your mobile web browser and the Google app for iOS and Android. Per TechCrunch, the company is staggering out the rollout of the feature, so you won’t be able to scroll through every set of results, at least not initially. The change follows a redesign of mobile search Google released at the start of 2021.

While most usually find what they’re looking for quickly, Google notes some people view as many as four pages of search results before they click through to a website. The company suggests the move to continuous scrolling should be particularly helpful to those who tend to ask more open-ended questions of its search engine. It’s also a tweak that brings the platform more in line with modern feed-style apps like Instagram and TikTok.

Google Cloud will show users their gross carbon emissions

Google Cloud has added tools to help users gain a better understanding of their environmental impact as part of the company's broader efforts to combat climate change. The Carbon Footprint feature shows the gross carbon emissions linked to the electricity consumption of someone's Cloud Platform use. It displays emissions over time and can break down the data by project, product and region.

Companies will be able to roll this information into their own emissions data for internal audits and making carbon disclosures (they can export the data to Salesforce Sustainability Cloud, for instance). Google stressed that the figures relate to a user's gross carbon emissions, since the company has been carbon neutral for over a decade. It plans to run entirely on carbon-free energy by 2030.

Google Cloud will also flag applications that are not in use, as well as their carbon emissions. Google suggests that deleting apps identified by the Unattended Project Recommender will help companies mitigate security risks, lower costs and reduce their carbon footprint.

Google #EarthEngine is now available in preview to commercial customers via Google Cloud Platform. We're building on our long track record on environmental impact to enable companies and governments that want to make progress on climate action.

— Google Earth (@googleearth) October 12, 2021

In addition, Google is bringing Earth Engine to the Cloud Platform for select users. Using satellite imagery, data sets and other tools, companies can harness Earth Engine to "track, monitor and predict changes in the Earth’s surface" caused by extreme weather events or human activity. That, Google says, will enable businesses to reduce and mitigate risks, "become more resilient to climate change threats" and save money. Companies can apply for access to Earth Engine through Google Cloud.

Last week, Google unveiled a string of features that highlight the environmental impact of consumer choices. Shopping results can promote greener options, while Google Flights started showing carbon emission estimates for almost all trips. The Nest Renew program, meanwhile, can switch your thermostat on or off depending on the availability of clean energy. In addition, Google is hoping to use AI to improve the efficiency of traffic lights and reduce pollution from idle cars.

The Internet Archive's 'Wayforward Machine' paints a grim future for the web

The Internet Archive is marking its 25th anniversary by peering into the future to predict what the web might look like a quarter of a century from now. The non-profit took the opportunity to rail against internet regulation by offering a grim vision of what lies ahead.

Punch a URL into the Wayforward Machine and you'll see a version of that page covered in pop-ups. The messages include one reading "Classified content. The website you are trying to access features information that the owner(s) have opted to restrict to users that have not shared their personal information." Another reads "This site contains information that is currently classified as Thought Crime in your region."

The way things are going, the Internet Archive suggests, free and open access to knowledge on the web may become far more limited. A Wayforward subsite includes a timeline of things that might go awry in the coming years, starting with the repeal of section 230 of the Communications Decency Act, which protects websites and internet platforms from being liable for things that users post. A repeal could have enormous consequences for the web, though some, such as Facebook CEO Mark Zuckerberg, have proposed that the provision should be reformed.

The timeline includes some other wild-but-not-inconceivable suggestions, such as a law allowing corporations to copyright facts, forcing Wikipedia to move to the Dark Web, and more countries introducing their own versions of China's Great Firewall. The Internet Archive teamed up with several digital rights organizations for this project, including the Electronic Frontier Foundation, Fight for the Future and the Wikimedia Foundation. The subsite includes resources on how to help protect freely available information.

The Wayforward Machine is, of course, a satirical version of the Wayback Machine, which has archived hundreds of billions of web pages over the last two and a half decades. It's an important resource for helping preserve the history of the internet, including things like Flash games and animations, so it's probably worth paying attention to the Internet Archive's vision of the future.

Facebook explains how its October 4th outage started

Following Monday’s massive service outage that took out all of its services, Facebook has published a blog post detailing what happened yesterday. According to Santosh Janardhan, the company's vice president of infrastructure, the outage started with what should have been routine maintenance. At some point yesterday, a command was issued that was supposed to assess the availability of the backbone network that connects all of Facebook’s disparate computing facilities. Instead, the order unintentionally took those connections down. Janardhan says a bug in the company’s internal audit system did not properly prevent the command from executing.

That issue caused a secondary problem that ultimately made yesterday’s outage into the international incident that it became. When Facebook’s DNS servers couldn’t connect to the company’s primary data centers, they stopped advertising the border gateway protocol (BGP) routing information that every device on the internet needs to connect to a server.

“The end result was that our DNS servers became unreachable even though they were still operational,” said Janardhan. “This made it impossible for the rest of the internet to find our servers.”

As we learned partway yesterday, what made an already difficult situation worse was that the outage made it impossible for Facebook engineers to connect to the servers they needed to fix. Moreover, the loss of DNS functionality meant they couldn’t use many of the internal tools they depend on to investigate and resolve networking issues in normal circumstances. That meant the company had to physically send personnel to its data centers, a task that was complicated by the physical safeguards it had in place at those locations.

“They’re hard to get into, and once you’re inside, the hardware and routers are designed to be difficult to modify even when you have physical access to them,” according to Janardhan. Once it could restore its backbone network, Facebook was cautious not to turn everything back on all at once since the surging power and computing demands may have led to more crashes.

“Every failure like this is an opportunity to learn and get better, and there’s plenty for us to learn from this one,” said Janardhan. “After every issue, small and large, we do an extensive review process to understand how we can make our systems more resilient. That process is already underway.”

Comcast makes its affordable broadband available to low-income undergrads

Comcast has expanded Internet Essentials' coverage to include Federal Pell Grant recipients within areas where it's available. By doing so, it's giving undergraduates from low-income households access to low-cost internet connection at a time when they may have a huge need for it and in time for Internet Essentials' 10th anniversary. "These additional initiatives arrive as the COVID-19 crisis has demonstrated far-reaching effects that disproportionately impact those who have traditionally lacked access to the tools, resources, and skills needed to get online," the company wrote in its announcement.

The Internet Essentials program launched in 2011 and has expanded its coverage several times since then until, according to the company, it has connected "a cumulative total of more than 10 million people to the internet." Earlier this year, the company doubled the package's speed, giving subscribers access to download speeds of up to 50 Mbps and uploads of up to 5 Mbps.

In addition to giving Pell Grant financial aid recipients access to Internet Essentials, Comcast has also pledged $15 million worth of internet service and equipment. Its pledge includes over 25,000 laptops that will be donated to low-income students, seniors and vets. The move is part of the company's Project UP, which is an initiative aiming to "advance digital equity." The laptops will be distributed in cities nationwide, including Houston, TX; Sacramento, CA; Seattle, WA; Philadelphia, PA; Hartford, CT; Baltimore, MD; Memphis, TN; Atlanta, GA; Detroit, MI; Chicago, IL; Jacksonville, FL; Minneapolis, MN; Oakland, CA; Boston, MA; Pittsburgh, PA; and Grand Rapids, MI.