Temporary interruptions at two services used by the Windows Secrets Newsletter caused inconveniences for some of our subscribers since our last issue. These problems seem to have been solved, fortunately — but they still burn us up.
Readers who attempted to upgrade their subscriptions from the free version of the newsletter to the paid version, or who tried to view past paid issues, may have seen error messages during the periods of these interruptions. We apologize for the errors and urge anyone who was affected to try again.
The first of the two outages occurred when a hacker directed a distributed denial-of-service (DDoS) attack against Authorize.net. This company handles credit-card authorizations for more than 100,000 businesses, including WindowsSecrets.com.
According to a front-page article published in Computerworld on Sept. 27, an extortionist demanded a “substantial amount of money” from Authorize.net, which is reportedly the largest online credit-card processing gateway in the U.S. When the service rejected the ultimatum, “large-scale” DDoS attacks began on Sept. 15.
The intermittent floods of Internet packets were sent from hacker-controlled “zombie PCs.” These overloads stopped Authorize.net from approving transactions for hours at a time. (Ironically, we described the growing power of these “bot networks” in our Sept. 23 newsletter, before we knew of the attacks on Authorize.net.) Thankfully, the service succeeded in defeating the assault by installing antiflood technologies to filter out the malicious packets, the company said in a statement. Its authorization process has since returned to normal.
No credit-card records were ever at risk, because the attack wasn’t a break-in but merely prevented customers from reaching Authorize.net. During the times when the zombie floods were at their peak, though, our readers who tried to make credit-card payments to get the paid version of the newsletter could not.