Sustained DDoS Wobble Prominent Weblogs

A series of distributed denial of service attacks has made for a tough week for the “Blogosphere,” the fast-growing community of weblogs. Many of the best-read blogs are hosted by Hosting Matters, a Jacksonville, Fla. provider that was knocked offline for a total of 15 hours in three separate attacks from Oct. 16-21.

The DDoS attacks appear to have targeted Internet Haganah, which seeks to identify web sites with terrorist links and then lobbies hosting providers to shut down the suspect sites. Internet Haganah operator Aaron Weisburd says his site was targeted by Al Qaeda sympathizers, while reps from Hosting Matters declined to identify either the target or attacker. Hosting Matters was flooded by up to 150 megabytes of data per second on Oct. 16, leaving most clients offline for much of that day and again on Oct. 20 and 21.

Continue reading

Further DDoS Attack on Rackspace?

Rackspace’s site was down for around two and a half hours early this morning [BST], in what may likely have been a repeat of Tuesday’s distributed denial of service attack.

The response times to our own performance collector on Rackspace’s network indicate that the attack did not adversely affect response times to other machines at Rackspace.

Trail of clues pointed to Blaster B author

On Friday evening [BST] US authorities charged Jeffery Parsons with creating a variant of the Blaster worm know as “Blaster B”. Such a trail of clues pointed to Parsons that those investigating the case must have initially expected that they were dealing with a case of identity theft, but from the reports it seems that Parsons had modified and re-released the worm “because he could” giving no thought to the potential consequences for himself.

Continue reading

Hosting Companies under Attack

The recent spate of distributed denial of service attacks has diversified, with some attackers apparently now targetting hosting companies.

On Tuesday rackspace.com was attacked just one day after issuing a press release launching a service to mitigate the effects of DDoS attacks, while early this morning[BST] Rackshack appeared to suffer a similar attack.

Continue reading

Recent Attacks against OpenSSL likely to be applicable to other SSL implementations

In the past two months, there has been significant new research into the security of OpenSSL, the open source implementation of the Secure Sockets Layer (SSL). OpenSSL is the standard SSL implementation included with most Linux distributions, and as such is the most common choice for running secure websites with Apache. At least one quarter of public SSL sites use OpenSSL according to our most recent SSL Server Survey.

Continue reading