It seems like not a month goes by without another code vulnerability being discovered. One only hopes that the people who find the vulnerabilities are good guys. This time it is an L1 Terminal Fault (L1TF) in the Intel chips that are used by web hosts running virtual machines. That includes Digital Ocean, the web host that we use.
The vulnerability exposes data to anyone running on the same processor core as another domain’s data. It’s like one tenant in an apartment block being able to look in on the next apartment.
Thankfully, Intel has learned from its earlier mistake of keeping its problems to itself. Instead, it shared information about the problem with web hosts, and that means that Digital Ocean has already started working on a fix.
They say that it’s going to take a few weeks to complete the work, but they do not anticipate any downtime for their users (Quillcards, in our case) as a result of their efforts to fix the problem.
What I do expect is that they will share any information about anyone who actually has used the vulnerability to look where they shouldn’t.
We track Quillcards and get an email alert if it goes down for any reason. It went down for about 15 minutes less than an hour ago.
Our web host posted a notice immediately and I signed up to be alerted with updates to the notices.
The first notice said:
We are seeing some heavy packet loss at our Dallas datacenter right now. We are investigating.
I signed in to a chatroom at the web host and was told that the packet loss (loss of data) was at the Dallas data center where our site is hosted.
So I knew that the problem affected our web host and was not Quillcards itself that was having a problem internally.
The next notice said:
It looks like the loss has subsided now; this affected our entire Dallas network, and appears to have been something from upstream. Working with the datacenter NOC team to find out what occurred.
The thing is that the Dallas data center handles data for various web hosts, and this was the final notice:
We have been advised another customer at the datacenter was subject to a very large DOS attack. That has been blocked and the network has returned to normal.
So what is a DOS attack?
It’s a malicious attack in which outsiders send a request with forged credentials to the website they are targeting. The web server responds, and the attacker sends the same request again. Except the attacker doesn’t just ask once or twice: it asks many, many times a second until the service is overwhelmed.
The way to stop such attacks varies with the kind of attack, but one way is to challenge the credentials and make the sender prove it is who it claims to be. When it fails to do so, the attack is blocked.
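The two defensive ideas in the paragraph above, a challenge that makes a sender prove it is who it claims to be before the server does any real work, and blocking senders that fail or overdo it, can be sketched in a few dozen lines. The following is an added example written for this post; it is not code from Quillcards, Digital Ocean or the Dallas datacenter. It assumes the "forged credentials" are forged source addresses (the usual case), uses a SYN-cookie style stateless challenge (an HMAC over the claimed address and a time window, with a constructed demo secret), and feeds the server a constructed traffic mix: one honest client that echoes its challenge, and a flood of first contacts from forged addresses that can never echo anything because the challenge was sent to the address they forged.

```python
"""Stateless challenge plus per-source rate limit as a DoS control.
Constructed example for illustration; secret, thresholds and traffic are made up."""
import hmac
import hashlib
from collections import defaultdict
from typing import Optional

SECRET = b"constructed-demo-secret"   # assumption: a server-side secret, rotated in production
WINDOW_SECONDS = 60                    # a challenge token is valid only within its time window
MAX_REQUESTS_PER_WINDOW = 20           # per verified source; constructed demo threshold


def make_challenge(src: str, now: float) -> str:
    """SYN-cookie style challenge: an HMAC over the claimed source address and
    the current window. The server stores nothing, so a flood of first contacts
    from forged addresses costs one HMAC each and no memory."""
    window = int(now // WINDOW_SECONDS)
    return hmac.new(SECRET, f"{src}|{window}".encode(), hashlib.sha256).hexdigest()[:16]


def verify_challenge(src: str, token: str, now: float) -> bool:
    """Accept the token for the current or previous window (clock edges).
    Only a sender that really received the server's reply can present it;
    a sender using a forged source address never sees that reply."""
    window = int(now // WINDOW_SECONDS)
    for w in (window, window - 1):
        expected = hmac.new(SECRET, f"{src}|{w}".encode(), hashlib.sha256).hexdigest()[:16]
        if hmac.compare_digest(expected, token):
            return True
    return False


class Server:
    def __init__(self) -> None:
        # Per-source counters keyed by (src, window). Only verified senders ever
        # get an entry, so a forged flood cannot grow this table.
        self.counts = defaultdict(int)

    def handle(self, src: str, now: float, token: Optional[str] = None) -> str:
        if token is None:
            # First contact: answer with a challenge instead of doing real work.
            return "challenge:" + make_challenge(src, now)
        if not verify_challenge(src, token, now):
            return "drop:bad-token"
        key = (src, int(now // WINDOW_SECONDS))
        self.counts[key] += 1
        if self.counts[key] > MAX_REQUESTS_PER_WINDOW:
            # Verified source, but too chatty: rate limit it.
            return "drop:rate-limited"
        return "served"


def run_simulation() -> dict:
    """Constructed traffic mix; returns a tally of how each request was handled."""
    server = Server()
    tally = defaultdict(int)
    t = 120.0  # start of a window, so the honest client's requests share one window

    # Honest client: first contact, then echoes its challenge on 25 requests.
    reply = server.handle("203.0.113.5", t)
    tally["challenged"] += 1
    token = reply.split(":", 1)[1]
    for i in range(25):
        tally[server.handle("203.0.113.5", t + i, token)] += 1

    # Forged flood: 500 first contacts from made-up sources; none can answer.
    for i in range(500):
        reply = server.handle(f"198.51.100.{i % 250}", t + i * 0.01)
        tally["challenged" if reply.startswith("challenge:") else reply] += 1

    # A guessed token for a forged source is rejected.
    tally[server.handle("198.51.100.1", t, "0000000000000000")] += 1

    tally["state_entries"] = len(server.counts)  # memory the flood managed to consume
    return dict(tally)


if __name__ == "__main__":
    print(run_simulation())
```

With these constructed inputs the flood produces 500 challenges and zero state on the server, the honest client is served 20 times and rate-limited on its last 5 requests in the window, and the guessed token is dropped. The real cost of the Dallas incident was upstream bandwidth, which no server-side check can recover; the point of the challenge is only that the target stops spending memory and CPU on senders that cannot prove who they are.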