Connect with us

News

Fastly blames software bug for major global internet outage | Business and Economy News

Published

on


Fastly, the company behind a major global internet outage this week, says the incident was caused by a bug in its software that was triggered when one of its customers changed their settings.

Tuesday’s outage raised questions about the reliance of the internet on a few infrastructure companies. Fastly’s issue knocked out high traffic sites including news providers such as the Guardian and New York Times, as well as British government sites, Reddit and Amazon.com.

“This outage was broad and severe and we’re truly sorry for the impact to our customers and everyone who relies on them,” the company said in a blog post authored by Nick Rockwell, its senior engineering and infrastructure executive.

He said the problem should have been anticipated.

Fastly operates a group of servers strategically placed around the world to help customers move and store content close to their end users quickly and safely.

The company post gave a timeline of events and promised to examine and explain why Fastly had failed to detect the software bug during its own testing process.

Fastly said the bug was in a software update shipped to customers on May 12 but was not triggered until one unidentified customer carried out settings changes that triggered the problem “which caused 85% of our network to return errors”.

Fastly noticed the outage within a minute of it occurring at 09:47 GMT, and engineers worked out the cause at 10:27 GMT. Once they disabled the settings that triggered the problem, most of the company’s network quickly recovered.

“Within 49 minutes, 95% of our network was operating as normal,” the company said.

Its networks were fully recovered at 12:35 GMT and it began rolling out a permanent software fix at 17:25 GMT, Fastly said.



Source – www.aljazeera.com

Advertisement

News

Palestinians not counting on change as Bennett replaces Netanyahu | Benjamin Netanyahu News

Published

on

By


Palestinian leaders say new Israeli PM Naftali Bennett is likely to pursue the same right-wing agenda as Benjamin Netanyahu.

Palestinian groups have dismissed the change in Israel’s government, saying new Israeli Prime Minister Naftali Bennett is likely to pursue the same right-wing agenda as his predecessor, Benjamin Netanyahu.

Palestinian President Mahmoud Abbas’s office called the Israeli parliamentary vote on Sunday an “internal Israeli affair” while groups in the besieged enclave of Gaza pledged to keep up their fight for Palestinian rights. Gaza has been under an Israeli air, land and sea blockade since 2007.

The Palestinian Foreign Ministry, meanwhile, issued a statement saying it was “inaccurate” to call Bennett’s coalition government a “government of change” unless there was a significant shift in its position on the Palestinian right to self-determination and the establishment of an independent Palestinian state with East Jerusalem as its capital.

Bennett, who heads the ultra-nationalist Yamina party and describes himself as “more right-wing” than Netanyahu, has said that the creation of a Palestine state would be “national suicide” for Israel. He has also called for the annexation of most of the occupied West Bank.

The millionaire former high-tech entrepreneur faces a tough test maintaining an unwieldy coalition from the political right, left and centre. Analysts say Bennett’s government will likely avoid sweeping moves on hot-button issues such as policy towards the Palestinians and instead focus on domestic reforms.

Palestinians unmoved

“This is an internal Israeli affair,” said Nabil Abu Rudeineh, spokesman for Abbas. “Our position has always been clear, what we want is a Palestinian state on the 1967 borders with Jerusalem as its capital.”

In a statement, the Palestinian foreign ministry posed a host of questions to Bennett’s government. “What is the position of the new government regarding the Palestinian people’s right to self-determination and the establishment of their independent state with East Jerusalem as its capital?”

“What is its position of the settlement and annexation processes? What is its position on Jerusalem and respect for the historical and legal situation there? Its position on the signed agreements? Its position on the resolutions of international legitimacy? Its position on the two-state solution and negotiations on the basis of the principle of land for peace?”

In Gaza, Palestinian groups vowed to keep resisting Israel.

“We aren’t counting on any change in the occupation governments, since they are united on the policy of killing Palestinians and confiscating Palestinian rights,” said Sami Abu Zuhri, a senior Hamas official.

And prior to the Israeli parliament vote, Fawzi Barhoum, a spokesman for Hamas said: “Regardless of the shape of the government in Israel, it will not alter the way we look at the Zionist entity. It is a settler occupier entity that must be resisted by all forms of resistance, foremost of which is armed resistance.”



Source – www.aljazeera.com

Continue Reading

News

Recent cyberattacks reveal US utilities’ extreme vulnerability | Business and Economy News

Published

on

By


When the Los Angeles Department of Water and Power was hacked in 2018, it took a mere six hours. Early this year, an intruder lurked in hundreds of computers related to water systems across the U.S. In Portland, Oregon, burglars installed malicious computers onto a grid providing power to a chunk of the Northwest.

Two of those cases — L.A. and Portland — were tests. The water threat was real, discovered by cybersecurity firm Dragos.

All three drive home a point long known but, until recently, little appreciated: the digital security of U.S. computer networks controlling the machines that produce and distribute water and power is woefully inadequate, a low priority for operators and regulators, posing a terrifying national threat.

“If we have a new world war tomorrow and have to worry about protecting infrastructure against a cyberattack from Russia or China, then no, I don’t think we’re where we’d like to be,” said Andrea Carcano, co-founder of Nozomi Networks, a control system security company.

Hackers working for profit and espionage have long threatened American information systems. But in the last six months, they’ve targeted companies running operational networks like the Colonial Pipeline fuel system, with greater persistence. These are the systems where water can be contaminated, a gas line can spring a leak or a substation can explode.

The threat has been around for at least a decade — and fears about it for a generation — but cost and indifference posed obstacles to action.

Colonial Pipeline was targeted by ransomware hackers in the past few weeks, one of the more prominent such attacks [File: Mark Kauzlarich/Bloomberg]

It isn’t entirely clear why ransomware hackers — those who use malicious software to block access to a computer system until a sum of money has been paid — have recently moved from small-scale universities, banks and local governments to energy companies, meatpacking plants and utilities. Experts suspect increased competition and bigger payouts as well as foreign government involvement. The shift is finally drawing serious attention to the problem.

The U.S. government began taking small steps to defend cybersecurity in 1998 when the Clinton administration identified 14 private sectors as critical infrastructure, including chemicals, defense, energy and financial services. This triggered regulation in finance and power. Other industries were slower to protect their computers, including the oil and gas sector, said Rob Lee, the founder of Dragos.

One of the reasons is the operational and financial burden of pausing production and installing new tools.

Much of the infrastructure running technology systems is too old for sophisticated cybersecurity tools. Ripping and replacing hardware is costly as are service outages. Network administrators fear doing the job piecemeal may be worse because it can increase a network’s exposure to hackers, said Nozomi’s Carcano.

Although the Biden administration’s budget includes $20 billion to upgrade the country’s grid, this comes after a history of shoulder shrugging from federal and local authorities. Even where companies in under-regulated sectors like oil and gas have prioritized cybersecurity, they’ve been met with little support.

Take the case of ONE Gas Inc. in Tulsa, Oklahoma.

Niyo Little Thunder Pearson was overseeing cybersecurity there in January 2020 when his team was alerted to malware trying to enter its operational system -– the side that controls natural gas traffic across Oklahoma, Kansas and Texas.

Hacker Dogfight

For two days, his team was in a dogfight with the hackers who moved laterally across the network. Ultimately, Pearson’s team managed to expel the intruders.

When Richard Robinson at Cynalytica fed the corrupted files into his own identification program, ONE Gas learned it was dealing with malware capable of executing ransomware, exploiting industrial control systems and harvesting user credentials. At its core were digital footprints found in some of the most malicious code of the last decade.

Pearson tried to bring the data to the Federal Bureau of Investigation but it would only accept it on a compact disc, he said. His system couldn’t burn the data onto a CD. When he alerted the Department of Homeland Security and sent it through a secure portal, he never heard back.

Robinson of Cynalytica was convinced a nation-state operator had just attacked a regional natural gas provider. So he gave a presentation to DHS, the Departments of Energy and Defense and the intelligence community on a conference call. He never heard back either.

“We got zero, and that was what was really surprising,” he said. “Not a single individual reached back out to find out more about what happened to ONE Gas.”

The agencies didn’t respond to requests for comment.

Such official indifference — even hostility — hasn’t been uncommon.

The 2018 break-in to the L.A. water and power system is another example.

These weren’t criminals but hackers-for-hire paid to break into the system to help it improve security.

After the initial intrusion, the city’s security team asked the hackers to assume the original source of compromise had been fixed (it hadn’t) while hunting for a new one. They found many.

Between the end of 2018 and most of 2019, the hired hackers discovered 33 compromised paths, according to a person familiar with the test who wasn’t authorized to speak publicly. Bloomberg News reviewed a report produced by the hackers for Mayor Eric Garcetti’s office.

It described 10 vulnerabilities found during their own test, along with 23 problems researchers had discovered as early as 2008. (Bloomberg News won’t publish information that hackers could use to attack the utility.) The person familiar with the operation discovered that few, if any, of the 33 security gaps have been fixed since the report’s submission in September 2019.

It gets worse.

Los Angeles Mayor Eric Garcetti ended a contract with hackers to find gaps in the city’s systems [File: Getty Images]

Soon after the hackers produced the report, Mayor Garcetti terminated their contract, according to a preliminary legal claim filed by the hackers hired from Ardent Technology Solutions in March 2020. The company alleges the mayor fired the hackers as a “retaliatory measure” for the scathing report.

Ellen Cheng, a utility spokeswoman, acknowledged that Ardent’s contract was terminated but said it had nothing to do with the report’s substance. She said the utility frequently partners with public agencies to improve security, including scanning for potential cyber threats.

“We want to assure our customers and stakeholders that cybersecurity is of the utmost importance to LADWP and that appropriate steps have been taken to ensure that our cybersecurity is compliant with all applicable laws and security standards,” Cheng said in a statement.

Garcetti’s office didn’t respond to a request for comment.

The case of the Oregon network — the Bonneville Power Administration — is no more encouraging.

The testing went on for years beginning in 2014 and involved an almost shocking level of intrusion followed by a pair of public reports. One published in 2017 admonished the agency for repeatedly failing to take action.

By 2020, two-thirds of the more than 100 flaws identified by the Department of Energy and the utility’s own security team hadn’t been resolved, according to interviews with more than a dozen former and current Bonneville security personnel and contractors and former members of the Department of Energy cyber team, in addition to documents, some accessed via Freedom of Information Act request.

Doug Johnson, a spokesperson for Bonneville, said a team reviewed the security reports in mid-2019 and that efforts to remediate those are ongoing. The utility acknowledged that hackers were able to breach certain BPA systems in those test hacks, but Johnson said “at no time were they able to gain access to any of the BPA systems that monitor or control the power grid.”

Dragos estimated in its 2020 cybersecurity report that 90% of its new customers had “extremely limited to no visibility” inside their industrial control systems. That means that once inside, hackers have free rein to collect sensitive data, investigate system configurations and choose the right time to wage an attack.

The industry is finally focused on fighting back.

“If the bad guys come after us, there has to be an eye-for-an-eye, or better,” observed Tom Fanning, chief executive officer of Southern Co., at a conference this week. “We’ve got to make sure the bad guys understand there will be consequences.”



Source – www.aljazeera.com

Continue Reading

News

Business: Liberia VP, Jewel Taylor, Arrives in Uganda

Published

on

By


Liberia’s Vice President, Jewel Cianeh Taylor, has arrived in Uganda.

Jewel, the wife of former Liberian President Charles Taylor, was received on Monday morning at Entebbe International Airport by incoming State Minister of Trade, David Bahati.

“She (Jewel) is here to explore possibilities of cooperation in areas of Trade, industrialization and infrastructure development,” said Bahati.

The Minister told ChimpReports that Jewel will tour Kampala Industrial and Business Park (KIBP) at Namanve – the largest industrial hub in Uganda sitting on 2600 hectares of land.

The industrial park has attracted over 400 investors for development in various sub-sectors such as agro processing, mineral processing, ICT, logistics and freight, warehousing, general manufacturing as well as tourism promotion activities.

She also will meet with President Museveni at State House Entebbe.

Jewel is one of few women in top political leadership positions in Africa.

She has been championing the Africa Continental Free Trade Area (AfCFTA) – a major boost for African economies.

“We expect a 52 per cent boost in intra-Africa trade by 2022,” she said.

Africa is the last frontier, with about 40 per cent of the world’s natural resources and the fastest-growing population globally.

If Africa uses this leverage to implement an industrialized revolution, it can have sustained economic growth.

Jewel recently said Africa is “at a point where we need mutually rewarding partnerships, not just grants. It’s time for an African industrial revolution. Africa’s resources have traditionally been taken out of our countries, processed abroad, and brought back. Now, African leaders are saying that we want investors to help build industries that process our natural resources locally. It is not just to take out raw materials.”

The post Business: Liberia VP, Jewel Taylor, Arrives in Uganda first appeared on ChimpReports.



Source – chimpreports.com

Continue Reading

Trending