Earlier this week, the world was unable to access some of the most internationally popular websites. This included the likes of Giphy, Slack, Medium and Quora. The reason, as Amazon has since explained, was due to a typographical error from an initial course of action that tried to remedy its server’s sluggishness.
Amazon Web Service Failure Of 2017
According to a statement from Amazon, the service disruption occurred while its Simple Storage Service (S3) team was attempting to debug an issue that caused the S3 server to progress more slowly than normal. The standard operating procedure to cure the slowness was to take some of its billing servers offline. However, the person in charge of doing so input the wrong commands, which removed a larger set of servers than what was intended.
The company then further explained why it took so long to remedy the mistake that made several websites inaccessible. The S3 system had not been restarted in “many years,” and it has in that time expanded exponentially. Because of this growth, it took a more extensive time to restart the system and run the corresponding safety check, which validates the integrity of the stored metadata.
Amazon’s web service failure is not the first in its history, nor is it the first in the history of web servicing in general. Cloudflare experienced a massive leak of encrypted browsing history less than a year ago, which went unnoticed until Google security researcher Tavis Ormandy informed them.
Cloudbleed Bug Caused Millions Of Leaks In 2016
As noted by ZDNet, Cloudfare’s investigation of the infamous Cloudbleed came to the conclusion that the bug, which allowed the leak of user browsing sessions, was activated more than a million times within the six months that it was fixed. The engineers that were part of the investigation concluded that there was no evidence of the bug being maliciously exploited before being patched. Cloudfare’s customer base includes Fitbit and OkCupid.
The problem, once found, was immediately fixed, but the potential consequences were massive. The publication noted that 1.2 million requests from the networking giant were at risk of being liked.
The bug which caused it was introduced in September and was fixed on Feb. 13. However, people involved in the matter were adamant that no vital details were part of the leak. This includes credit cards or bitcoin addresses, as well as health records, social security numbers and customer passwords.
Tracing the steps of Cloudbleed was difficult because of the nature of the bug. Instead of extracting data from a particular website, the bug acted differently.
Its random bits of memory that could have come from the millions of websites. Most of the time, the attacker would receive junk, but would once in a while receive valuable information.