Monthly Archives: March 2013

GitHub Hit With Another DDoS Attack, Second In Two Days, And “Major Service Outage”

Services on code-sharing site GitHub have been disrupted for over an hour in what started as a “major service outage” because of a “brief DDoS attack.” This is the second DDoS attack in as many days and at least the third in the last several months: Yesterday, GitHub also reported a DDoS incident. And in October 2012, the service also went down due to malicious hackers. Today, the distributed denial of service incident has affected the site for at least an hour, starting at 10.43AM GMT with a major service outage. GitHub noted that the cause was a “another brief DDoS attack” and that service should be returning to normal. At 11.11AM, the site reported that some systems were still being affected. “Access to downloadable source code archives and uploaded files is temporarily down. We’re working to restore it asap,” it noted. There has been some debate over security at GitHub, with several people recently revealing the amount of sensitive information like passwords and private keys stored on publicly-accessible pages. On a code-sharing repository, this is not like blasting information as you might see in a display ad, but it’s the kind of information that can be found if you know how and where to look. And the DDoS attacks against GitHub go back some way. In Feburary 2012, for example, the site revealed a sustained attack that lasted for nearly a week. “This attack is global, and has been very intense at times. Yesterday morning, for example, github.com suddenly received requests from 10,000 times the number of clients it had handled the minute before,” Jesse Newland wrote on GitHub’s blog. That only resulted in an hour of total downtime. He also wrote that GitHub was putting in place measures to better protect against DDoS attacks in the future — although clearly not eliminate them completely. GitHub has had a lot of success in the last few years. With some 3 million developers using the site to post and share code; a recent $100 million round from Andreessen Horowitz; and other accolades, it exemplifies the wider trend of the rise of the enterprise startup — a status that likely also brings positive as negative attention. Update : Three hours later, everything is back up and working normally. We have reached out to ask whether GitHub has any more information about the incidents. Source: http://techcrunch.com/2013/03/10/github-hit-with-another-ddos-attack-second-in-two-days-and-major-service-outage/

Read the original:
GitHub Hit With Another DDoS Attack, Second In Two Days, And “Major Service Outage”

Czech finance sector hit by Distributed Denial of Service (DDoS) Attacks

The Czech financial sector was targeted in cyber attacks on Wednesday, with the national bank and stock exchange websites disrupted by dedicated denial of service (DDOS) attacks. The Czech financial sector was targeted in cyber attacks on Wednesday, with the national bank and stock exchange websites disrupted by dedicated denial of service (DDOS) attacks. The Czech National Bank’s official website was the victim of a “massive cyber attack” on the external server hosting its site, before being brought back online later that day. The attacks overloaded servers with thousands of requests, making them inaccessible to the central bank’s customers. However, the bank said in a statement that its internal IT systems were unaffected by the disruptions. “We apologise for any difficulties experienced by visitors to the CNB website due to the outage,” said CNB spokesman Marek Petru in a statement. Other major banks were also targeted, including CSOB, Ceska Sporitelna and Komercni Banka, as well as a number of smaller banks. It is not believed that customer data has been compromised. The Prague Stock Exchange also had its website taken down on Wednesday. according to Reuters, with a spokesman claiming that a “co-ordinated” attack by hackers was likely to be responsible. Earlier this week a number of Czech news outlets were targeted by the cyber attacks, with the website of the broadsheet newspaper DNES taken down. There have been a number of DDOS attacks against banks across the world in recent months. Earlier this week the Izz ad-Din al-Qassam Cyber Fighters group promised to continue a series of attack against US banks which began in October with DDOS attacks against JPMorgan Chase, Bank of America, CapitalOne and Citibank among others. The group indicated it would cease its campaign of attacks in January. In January two members of Anonymous were jailed in the UK for their part in DDOS attacks against a number of financial services companies including Visa and Mastercard. Last month Anonymous posted personal details of 4,000 bankers, after breaching defences of the US Federal Reserve. Source: http://computerworld.co.nz/news.nsf/security/czech-finance-sector-hit-by-cyber-attacks

See the original article here:
Czech finance sector hit by Distributed Denial of Service (DDoS) Attacks

Raspberry Pi Foundation gets hit by a Distributed Denial of Service (DDoS) Attack

Attacked by a million node botnet Raspberry Pi’s website went black after unknown hackers brought it down with a distributed denial of service attack (DDoS). The website has since been restored. “For those interested, this one’s quite hardcore: We’re seeing a SYN flood from a botnet that seems to have about a million nodes,” said Raspberry Pi on Twitter. “This is the second attack in a couple of days. We haven’t had the blackmail email yet. It’s getting plonked when it arrives.” During the attack, the company actively tweeted accounts of the attack, saying they were unable to trace it back to its creator. This, according to Raspberry Pi, is due to the attackers using a “SYN flood” to mask their identities. It believes the attacker is likely an “angry and confused kid” who won’t be able to hold up an expensive attack like this for very much longer. The company is also unable to get in touch with its host given that it is nighttime in the U.K., where Raspberry Pi is based. The general question on Twitter concerning the DDoS is “Why?” Raspberry Pi creates cheap micro PCs, which has caught the eye of many. Its foundation arm is also focused on bringing computer science education to children and is involved in other charities. When asked about why it might be a target, Raspberry Pi tweeted, “Well, we *are* horrid, what with our focus on education and charity and everything. Boo to irritating do-gooders.” Source: http://venturebeat.com/2013/03/05/raspberry-pi-ddos/

Visit link:
Raspberry Pi Foundation gets hit by a Distributed Denial of Service (DDoS) Attack

Distributed Denial of Service (DDoS) Protection Hardware for the Data Centre… Or Not!

Earlier this month, Juniper Networks purchased Webscreen Systems from Accumuli a UK-based IT security specialist. With this acquisition, Juniper is furthering a strategy to try to deal with distributed denial of service (DDoS) attacks from within a data centre by adding more hardware. While one can understand why a company that produces and sells hardware would see hardware as the best fix, there are several reasons why this is the wrong solution for most consumers, and could actually unnecessarily cost you time, money and brand integrity. Given the varied range in DDoS hardware protection options out there, it seems that many feel this is the strongest solution to protect their online presence from a DDoS attack. However, after more than 15 years in the industry, I can think of five good reasons why using DDoS hardware protection in a data centre hosting environment is a flawed strategy. REASON #1 Increased costs passed on to customers. With DDoS hardware protection, the expense of purchasing, updating and maintaining the hardware, plus the necessary staff to manage it in a data centre hosting environment, will be high. These costs will be passed on to you, the hosting customer. REASON #2 More points of failure. By adding another piece of hardware, you are adding yet another point of failure. In all things networking, keeping your number of points of potential failure low is a key to success. Studies show that firewalls, IDS and other similar hardware protection platforms have over a 42 percent chance of failing. [Arbor Worldwide Infrastructure Security Report 2011 ] Do you want to be on that platform when it fails? REASON #3 Someone else’s problem becomes your problem. In a data centre environment, multiple customers often share resources (whether they know it or not). Platforms like servers, switches, routers and firewalls are often provisioned with more than one client. If you are sharing DDoS hardware protection, you become vulnerable to the problems of other clients sharing that device. REASON #4 One size never really fits all. A solution for a data centre will try to be generic enough to fit all clients’ needs, which means it probably won’t be specific enough for your exact requirements, or robust enough to handle more sophisticated attacks. REASON #5 How focused are the people watching your gear? Even with the best DDoS hardware protection out there, you might as well try to protect your websites with a toaster if there isn’t a proficient team dedicated to administering and managing the hardware. In a hosting environment, the operations team has many responsibilities, of which managing DDoS hardware is a low priority one. Even if someone is paying attention and able to divert their focus to your servers for a short while during a DDoS attack, it won’t be for long, and repeated DDoS attacks would likely go unmitigated, or your IP would be null-routed to save resources and minimize collateral damage. With so many vendors offering DDoS hardware protection, it might be tempting to conclude that it’s a safer option that will serve your business well. However, cloud-based DDoS protection offers many benefits that are not possible with DDoS hardware solutions, with few of the risks. To learn more about DOSarrest cloud-based DDoS protection and mitigation services, click here . Jag Bains, CTO, DOSarrest Internet Security (Formerly Director of Network Engineering and Operations for Peer1 Hosting)

See the original post:
Distributed Denial of Service (DDoS) Protection Hardware for the Data Centre… Or Not!

Radware launches cloud-based DDoS attack mitigation system

At RSA Conference 2013 in San Francisco, Radware announced DefensePipe, an integrated and comprehensive solution to help mitigate volumetric DDoS attacks which threaten to saturate a customer's Intern…

View the original here:
Radware launches cloud-based DDoS attack mitigation system