A MongoDB database containing the personal data of millions of UK residents was left exposed to the public internet for almost a week after its owner neglected to secure the Amazon Web Services (AWS) server that housed it.
The company in question, an unnamed software supplier, pulled records including names, email addresses, shipping addresses, purchase details, and redacted credit card numbers from the marketplace and payment system application programming interfaces (APIs) of Amazon, eBay, PayPal, Shopify and Stripe to help merchants using these platforms calculate VAT.
The database also contained Amazon Marketplace Web Services (MWS) queries including authentication tokens, API queries, AWS access key IDs and secret keys.
However, according to Comparitech threat researcher Bob Diachenko, who uncovered the exposed server on 3 February, the owner left the records visible to the web without any password or authentication needed to access them.
Because Diachenko was at first unable to identify
According to new research published today, modern RAM cards are still vulnerable to Rowhammer attacks despite extensive mitigations that have been deployed by manufacturers over the past six years.
These mitigations, collectively referred to as Target Row Refresh (TRR), are a combination of software and hardware fixes that have been slowly added to the design of modern RAM cards after 2014, when academics disclosed the first-ever Rowhammer attack.
A short history of Rowhammer attacks
On modern RAM cards, every time your computer handles data inside its memory, the actual data is saved inside memory cells, and these memory cells are arranged in a table-like grid pattern on the card’s plastic base.
While this neatly arranged design has helped engineers cram as many memory cells on a RAM card as possible, it has also enabled the possibility of electrical interference between memory cells.
This is, quintessentially, what
Three years. That’s the time that it took the IT team at French TV provider Molotov to put in place the infrastructure needed to broadcast 170 channels in 30 formats to several hundred thousand users simultaneously.
Fundamental to the platform is Scality object storage and Dell EMC server hardware.
“The big challenge was to achieve real-time encoding of 30 standard formats for every channel, each one suited to different bandwidths to suit the different device types and internet connections of our users,” says Alexandre Ouicher, technical director at Molotov.
“We set ourselves the requirement to tolerate three minutes between a channel streaming and us being able to distribute it. The key challenge is to allow our users to move from one channel to another in less than 200 milliseconds,” adds Ouicher, who is head of a team of 40, around half of the total at the company.