GoDaddy goes down

WEB HOSTING FIRM Godaddy saw its services go down for several hours last night as a mystery problem knocked thousands of websites offline. The firm admitted to the problems in a string of messages on the microblogging website Twitter.

 There it said that it was aware of the problem and was working hard to fix it. This was denied and rather scorned, however, by the rest of the group. The account holder, called Anonymousown3r, says that he was working alone, and asked that people not associate the attack with the wider Anonymous group. 

He claims that his still attacking Godaddy but has not given any reason for the attack. In statements on Twitter the hacker has suggested that the attack was easy, claiming that when he chooses to mount a denial of service attack on a website he can keep it offline for months. 

Godaddy has not yet responded to our request for comment, but in a statement on its website has told customers that no personal information has been taken in the attack.

 Update

 Godaddy has reponded to the outage, revealing that there was no hacking involved. 

A spokesperson said, "The service outage was not caused by external influences. "It was not a 'hack' and it was not a denial of service attack (DDoS). 

We have determined the service outage was due to a series of internal network events that corrupted router data tables. 

"Once the issues were identified, we took corrective actions to restore services for our customers and Godaddy.com. We have implemented measures to prevent this from occurring again." )

Tuesday, September 11, 2012 | 0 comments | Read More

Texas college students hijack drone aircraft

What’s that in the sky? It’s a bird! It’s a plane! It’s… a unmanned military drone that’s been hijacked by a group of college students? Yes, some smart young folks from the University of Texas at Austin managed to take control of an aerial drone’s course, and disturbingly, it was really easy to do.

Mind you that this was not some kind of fly-by-night operation. The students were asked by the Department of Homeland security to do their best to gain control of the drone (which is technically university property). It turns out that all they needed was about $1000 worth of equipment to seize control of a multi-million dollar piece of technology often deployed by the military.

The government became concerned about the vulnerability of drone aircraft after it became apparent that Iran had most likely taken control of a US drone and crashed it in Iranian territory several months ago. The Austin students, led by professor Todd Humphreys, used the high-end GPS equipment to spoof the GPS signal being sent to the drone. Spoofing the signal means the students were able to trick the drone into mistaking their signal for the real one. This allowed them to lead the drone astray quite easily. The aircraft being used employs the same unencrypted GPS signals that the government vehicles do.

This hack presents a serious problem for proponents of the domestic use of drones. If anyone with $1000 and a little know-how can crash a drone into things, that’s just not safe. It is currently illegal to use drone aircraft in US airspace without special clearance from the FAA, and it might take a little longer than expected for that to change.

Friday, June 29, 2012 | 0 comments | Read More

Hackers outwit online banking identity security system

Criminal hackers have found a way round the latest generation of online banking security devices given out by banks, the BBC has learned.After logging in to the bank's real site, account holders are being tricked by the offer of training in a new "upgraded security system".

Money is then moved out of the account but this is hidden from the user.

Experts say customers should follow banks' official advice, use up-to-date anti-virus software and be vigilant.

Devices like PINSentry from Barclays and SecureKey from HSBC - which look a lot like calculators - ask users to insert a card or a code to create a unique key at each login, valid for around 30 seconds, that cannot be used again.

This brought a new level of online banking security against password theft.

The additional line of defence provided security even if a user's computer along with any password information was hacked, and they still offer the best level of protection available against online banking fraud.

While these chip and pin devices make the hackers' job more difficult, the hackers themselves have raised their game.

A test witnessed as part of a BBC Click investigation suggests even those with up-to-date anti-virus software could be at risk.There is no specific risk to any one individual bank.

In the test the majority of web security software on standard settings did not spot that a previously unseen piece of malware created in the software testing lab was behaving suspiciously.

The threat does not strike until the user visits particular websites.Called a Man in the Browser (MitB) attack, the malware lives in the web browser and can get between the user and the website, altering what is seen and changing details of what is being entered.

Some versions of the MitB will change payment details and amounts and also change on-screen balances to hide its activities.

With the additional security devices, the risk of fraud is only present for one transaction, and only if the customer falls for the "training exercise".

"The man in the browser attack is a very focused, very specific, advanced threat, specifically focused against banking," said Daniel Brett, of malware testing lab S21sec.

"[Although] many products won't pick this up, they've got a much bigger scope, they're having to defend against all the viruses since the beginning of time."

Every time a new update to the malware is released, it takes the security companies a number of weeks to learn how to spot it - to learn its common features.

But one security company did privately concede that, if this threat had come from a source not known to be bad and started communicating with a web address also not on the black-list of "bad" sites - until they had discovered and analysed it - it probably would have beaten their protection.

Fraud detection software

Makers of many of the security products featured in tests argued that it was not valid as it only tested one part of their protection.

They point out that they continually search for and blacklist websites, emails, and other sources of malware.

Mark Bowerman, of Financial Fraud Action UK, said: "Banks also employ what's called back-end security and that's what's happening behind the scenes to protect you from online banking fraud.

"We've got intelligent fraud detection software, and it's used to seeing how you operate your online bank account.

"Any deviations from the norm and the software is going to pick it up - that may be the type of transaction you've made or the amount."

Most computer security products will block this kind of threat if their security settings are turned up to maximum but will also block many legitimate programs too.

Online banking fraud losses totalled £16.9 million in the first six months of 2011, according to Financial Fraud Action UK.In the UK, banks usually refund victims of online fraud as a matter of course. Banks and experts say customers must continue using online security anti-virus products.

Monday, February 06, 2012 | 0 comments | Read More