Tech News : GoDaddy Complaint Over Years of Poor Cybersecurity
The US International Trade Commission (ITC) has issued a scathing complaint against web-hosting giant GoDaddy, accusing the company of failing to implement basic cybersecurity tools and practices since 2018.
What Is the ITC, and What Is the Complaint?
The ITC is a US federal agency responsible for enforcing trade laws, addressing unfair trade practices, and protecting industries from harm. Although its remit typically covers trade-related matters, it has increasingly expanded its oversight to include consumer protection, particularly in cases where corporate failings have broader implications for commerce and public interest.
In a recent formal complaint, the ITC alleged that GoDaddy violated Section 5 of the Federal Trade Commission Act, which prohibits unfair or deceptive business practices. Despite marketing itself as a secure and reliable hosting provider, GoDaddy (according to the ITC) failed to live up to its claims, thereby leaving millions of customer websites vulnerable, resulting in multiple security breaches and significant data compromises.
The Allegations in More Detail
The ITC’s complaint paints a troubling picture of GoDaddy’s cybersecurity practices (or lack of them). It accuses the company of failing to implement even the most rudimentary safeguards to protect its hosting environment. Among the lapses cited by the ITC are the absence of essential measures such as multi-factor authentication (MFA), proper asset inventory, and robust threat monitoring.
Specifically, the ITC’s complaint (published online) identified the following failings:
– No centralised asset management. As of 2020, GoDaddy had visibility over only 15,000 devices out of the approximately 450,000 in its environment.
– Irregular patch management. Despite a policy requiring critical updates to be applied within 30 days, GoDaddy relied on scattered teams to handle patches with no central oversight, leading to unpatched vulnerabilities across thousands of servers.
– Inadequate logging and monitoring. Security-related events were inconsistently logged, making it difficult to investigate breaches or suspicious activity.
– Weak authentication practices. The company relied on username/password combinations without requiring MFA for privileged accounts until 2020, thereby exposing sensitive systems to unauthorised access.
– Network mismanagement. A lack of segmentation between shared hosting and other services enabled threat actors to move laterally within GoDaddy’s infrastructure.
– API insecurity. GoDaddy’s APIs, critical for managing customer data, relied on outdated practices, such as plaintext credentials, leaving them highly susceptible to interception and exploitation.
A History of Breaches and Consequences
The ITC report also details several high-profile security incidents that occurred under GoDaddy’s watch, starting back in 2019. The ITC alleges that these breaches highlight the tangible risks posed by the company’s inadequate security measures.
The 2019-2020 Breaches
A breach in October 2019 saw attackers exploit vulnerabilities in GoDaddy’s infrastructure to move laterally into its shared hosting environment. Threat actors replaced critical server files with malicious versions, ultimately compromising customer and employee login credentials. Shockingly, these intrusions went undetected for six months until another unrelated event in March 2020 prompted an external security audit.
During this time, attackers reportedly stole credentials for over 28,000 customer accounts and 199 employees, gaining administrative access to key systems. The breach also involved the theft of approximately 1,000 payment card details.
2021 WordPress API Breach
In November 2021, GoDaddy discovered another breach targeting its Managed WordPress hosting service. This time, attackers exploited an exposed API, obtaining data for 1.2 million customers, including email addresses, private encryption keys, and login credentials for WordPress and database management tools. Evidence suggests the attackers used this access to plant malware and commit search engine optimisation (SEO) fraud, misleading visitors and search engines alike.
2022 Malware Resurgence
The most recent breach, in December 2022, saw the same threat actors return to exploit remnants of the 2019-2020 compromise. This time, attackers deployed malware that redirected visitors from customers’ websites to malicious destinations, such as phishing pages or explicit content. Despite the repeated nature of these attacks, the ITC alleges that GoDaddy failed to proactively detect the intrusion, learning of it only through customer complaints.
Impact on Customers and the Broader Ecosystem
The consequences of GoDaddy’s (alleged) failings have been far-reaching. Small businesses that rely on its hosting services have endured significant disruptions, including compromised websites, stolen customer data, and tarnished reputations. Some customers have faced financial fraud or identity theft, while others have spent substantial time and resources remediating the damage caused by breaches.
The ITC’s complaint makes the point that these harms were entirely avoidable had GoDaddy employed widely available, low-cost security measures. Also, it accuses the company of misleading customers by marketing its services as secure while failing to back these claims with appropriate protections.
GoDaddy’s Response and the Way Forward
In response to the ITC’s allegations, GoDaddy has neither admitted nor denied the charges but has agreed to implement a comprehensive security overhaul. This includes creating a centralised inventory of its hardware and software, adopting SIEM (Security Information and Event Management) tools for real-time threat detection, and enforcing MFA across all privileged accounts.
A spokesperson for the company stated: “We are committed to safeguarding our customers’ data and continually improving our security posture. Many of the measures outlined in the settlement are already underway.”
The Settlement
Despite the gravity of the accusations and the scale of harm outlined in the ITC’s complaint, the settlement agreement struck with GoDaddy has left some questioning its adequacy. Under the terms of the proposed deal, GoDaddy must implement sweeping improvements to its cybersecurity practices. This includes undergoing regular, independent third-party assessments of its security programme and adhering to a ban on making deceptive claims about its data protection efforts in the future.
Notably, the ITC has not imposed any fines but has warned that future violations could result in penalties of up to $51,744 per breach.
What’s Next?
The ITC has opened the settlement for public comment, and its finalisation will mark a critical juncture for GoDaddy. The case serves as a cautionary tale for other companies, demonstrating the risks of neglecting cybersecurity in an increasingly hostile digital landscape.
What If You’re A Business Customer of GoDaddy’s?
For businesses that rely on GoDaddy’s hosting services, the revelations in the ITC’s complaint may understandably be a little unsettling. Many may now be questioning whether their websites or customer data were compromised in the breaches. Those who suspect they have been affected can review communications from GoDaddy, as the company has stated that it notified impacted customers following major incidents. Another option for businesses may be to engage independent security experts to audit their sites and data for any lingering vulnerabilities. Moving forward, customers will need to think carefully about whether GoDaddy’s promised security enhancements can restore their confidence or if alternative hosting providers may better meet their needs.
What Does This Mean For Your Business?
As one of the largest web-hosting providers, GoDaddy holds a significant position of responsibility, safeguarding not only its customers but also the broader ecosystem of internet users who interact with its hosted websites. The ITC’s findings, therefore, paint a very concerning picture of (allegedly) basic and systemic failures in cybersecurity practices over several years, leading to serious breaches that have impacted countless businesses and their customers.
For GoDaddy, the settlement offers a chance to repair its reputation and demonstrate a renewed commitment to cybersecurity. Although the lack of financial penalties has been surprising to some, the settlement appears to prioritise swift remedial action over prolonged litigation. However, it is understandable that some stakeholders may view the resolution as lenient, given the scale of the alleged failings and the potential harm caused. The onus is clearly now on GoDaddy to follow through on its promises and implement the sweeping changes outlined in the settlement.
For businesses affected by the breaches, the road to recovery may be a long and complex one. While GoDaddy’s notification efforts and security improvements may offer some reassurance, the damage to customer trust and the potential for lingering vulnerabilities remain pressing concerns. Businesses should, perhaps, weigh the risks and benefits of continuing their reliance on GoDaddy and consider proactive steps to safeguard their operations, regardless of the hosting provider they choose.
This case serves as a wake-up call for the entire tech industry, underscoring the need for vigilance in an era of evolving cyber threats. Basic security hygiene, while often viewed as a standard requirement, is essential to maintaining trust and preventing harm on a global scale. For organisations of GoDaddy’s stature, the stakes are even higher, as lapses in security can reverberate far beyond their own systems.
The ITC’s intervention, therefore, not only holds GoDaddy to account in some way but also sends a clear message to the industry, i.e. that data protection and cybersecurity are not optional. As businesses and consumers alike navigate the fallout, the hope is that this episode will lead to meaningful changes, not just for GoDaddy but for the industry as a whole, ensuring a more secure digital landscape for everyone.
Windows Wizardry : Maximise Laptop Battery with Windows 11 Energy Saver
Discover how to use Windows 11 Energy Saver to extend your laptop’s battery life and reduce energy consumption, with straightforward steps to customise it to your needs.
What Is The Energy Saver Feature?
Windows 11 includes a robust Energy Saver feature designed to help laptops run longer on battery power by optimising system settings. This tool adjusts background processes, screen brightness, and other power-intensive tasks to strike the right balance between performance and energy efficiency. So, whether you’re working remotely, travelling, or just trying to reduce electricity costs, here’s how to make the most of this feature.
Step 1: Ensure Your System is Compatible
To use the Energy Saver feature, your laptop must be running Windows 11 version 24H2 or later. To confirm your version:
– Press the Windows key and click Settings.
– Navigate to System and select About at the bottom of the sidebar.
– Under “Windows specifications,” check the version number listed next to Version. If it reads “24H2” or higher, you’re ready to proceed.
– If your version is older, click Windows Update in the same menu and then select Check for updates. Install any available updates to ensure you’re running the latest version.
Step 2: Enable Energy Saver Mode
Once you’ve confirmed compatibility:
– Open Settings and go to System, then click Power & battery.
– Scroll down to the Battery section and expand the Energy saver menu.
– Enable the Always use Energy Saver option to have it active at all times, or choose to activate it automatically when your battery reaches a specified level. For example, setting this to 20 per cent ensures Energy Saver kicks in when the battery is running low.
Step 3: Adjust Screen Brightness Settings
The laptop screen is one of the largest power drains. Energy Saver can reduce the screen’s brightness automatically:
– In the Power & battery menu, enable Lower screen brightness when using Energy Saver. This dims the screen slightly whenever Energy Saver is active, helping conserve battery power.
– If you find the dimmed brightness too low for your needs (e.g. in bright environments), you can turn this setting off or manually adjust the screen brightness using the slider in the system tray.
Step 4: Optimise Sleep and Screen Time-Outs
To minimise energy waste when your laptop is idle:
– In the Power & battery menu, click Screen, sleep, & hibernate time-outs.
– Set shorter intervals for Turn my screen off after and Make my device sleep after. For example, choosing 3 minutes for screen off and 10 minutes for sleep ensures your laptop conserves power when inactive.
Step 5: Configure Power Modes
Customise how your laptop balances performance and efficiency:
– In Power & battery, scroll up to Power Mode and select your preferred setting:
  – Best power efficiency: Minimises energy consumption, ideal when running on battery.
  – Balanced: Offers a mix of energy savings and performance, dynamically adjusting settings.
  – Best performance: Prioritises speed over energy savings, more suitable when plugged in.
– Selecting Best Power Efficiency ensures maximum battery longevity.
Step 6: Explore Energy Recommendations
Windows 11 provides tailored recommendations to further optimise energy usage:
– At the top of the Power & battery page, click Energy recommendations.
– Work through the suggestions listed, which may include enabling dark mode or fine-tuning other settings. Green ticks indicate recommendations already applied.
Step 7: Manage Background Apps
Some applications running in the background can unnecessarily drain battery power. To control this:
– In Settings, go to Apps, then Installed apps.
– Locate any app you wish to manage, click the three dots next to it, and select Advanced options.
– Under Background app permissions, set the app to Power optimised (recommended) or Never to prevent it from running when not in use.
– By limiting unnecessary background activity, your laptop will conserve power more effectively.
Enjoy Longer Battery Life
Using the Energy Saver feature and additional power management tools in Windows 11, you can significantly extend your laptop’s battery life without compromising functionality. Whether you’re conserving energy at home or ensuring your laptop lasts through a long workday, these steps provide a straightforward way to optimise your device for efficiency. Try these adjustments today to experience the difference.
Security Stop Press : UK Government Proposes Ransomware Payment Ban
The UK government is consulting on plans to ban ransomware payments by public sector bodies and critical national infrastructure (CNI) to disrupt the financial model underpinning cybercrime.
The proposals also include mandatory reporting of ransomware attacks and measures to block payments to criminal groups, aiming to reduce the threat and support law enforcement investigations.
Ransomware is the most serious cybercrime threat to the UK, with attacks on organisations like the NHS and Royal Mail causing widespread disruption and recovery costs. Security Minister Dan Jarvis highlighted the urgency of action, noting $1 billion was paid globally to ransomware groups in 2023.
Banning payments would make public organisations less attractive targets, while mandatory reporting would provide intelligence to help disrupt criminal networks. Penalties for non-compliance, such as fines or leadership bans, are also being considered to ensure adherence.
This initiative is part of a wider strategy to strengthen the UK’s cyber resilience, complementing global efforts like the disruption of the LockBit network and sanctions against major ransomware groups.
Businesses are advised to adopt strong cybersecurity measures, including frameworks like Cyber Essentials, regular data backups, and tested incident response plans, to mitigate the risk and impact of ransomware attacks.
Sustainability-in-Tech : Driller-Robots Harness Geothermal Energy
Borobotics, a Swiss startup, has unveiled an autonomous drilling machine that could make geothermal energy more affordable and accessible, transforming how we harness heat from beneath the Earth’s surface.
Grabowski
The machine (nicknamed “Grabowski”) is being heralded as the “world’s most powerful worm” for its ability to silently and efficiently burrow through various terrains. Compact, resource-efficient, and designed for urban environments, this cutting-edge technology promises to address significant challenges in the push for sustainable energy.
What Is Geothermal Energy, and Why Is It Crucial?
Geothermal energy is a clean, renewable (and always available) energy source derived from the heat stored beneath the Earth’s surface. While most people associate renewable energy with solar and wind, geothermal energy offers distinct advantages, i.e. it’s not weather-dependent, it operates 24/7, and it is virtually limitless.
This underutilised resource currently accounts for just 1 per cent of global energy demand. However, the International Energy Agency (IEA) estimates that geothermal energy could actually supply 15 per cent of the world’s energy needs by 2050 if advancements like Borobotics’ technology gain traction. The environmental benefits could be immense, particularly for heating and cooling, which together account for 50 per cent of global energy consumption, most of which still relies on CO2-producing and polluting fossil fuels.
Enter Borobotics and “Grabowski”
Founded in Winterthur (Switzerland) in July 2023, Borobotics says it’s on a mission to accelerate the energy transition. The company’s co-founder, Hans-Jörg Dennig, began conceptualising the “bore-robot” back in 2017, with technical refinements brought in by Philipp Ganz and the business expertise of Moritz Pill.
At the core of their innovation is “Grabowski,” an autonomous geothermal drill that is radically smaller and quieter than traditional rigs. Measuring just 2.8 metres long with a diameter of 13.5 centimetres, it is designed to fit into tight spaces, such as back gardens, parking lots, or even basements. By comparison, conventional drilling rigs are often 6 metres tall and require significant space and logistical support.
As Pill explains, “Drilling will become possible on properties where it would be unthinkable today — small gardens, parking lots, and potentially even basements.”
Grabowski’s compact design is a game-changer, requiring only 6-8 square metres of operating space (84 per cent less than traditional rigs) and weighing just 150 kilograms. Once activated, the robot can operate autonomously, thereby reducing labour costs and allowing small teams to manage multiple drilling sites simultaneously. This efficiency could address the growing shortage of skilled heat pump installers, especially in Europe.
How Does Grabowski Actually Work?
Grabowski employs advanced technology to drill through diverse materials. For example, equipped with sensors in its head, the robot drill can detect different layers of earth, including water tables, and automatically seal the borehole if it encounters gas or water springs. This ensures safety and reduces the risk of environmental contamination.
The robot’s propulsion system, described as “fluid muscles,” allows it to move smoothly within boreholes, while its unique gearbox and dual-engine design enable effective hammering and rotation to break down tough materials, from sand to granite.
Unlike traditional diesel-powered drills, Grabowski runs purely on electricity and can plug into a standard power outlet, producing just 288 kilograms of CO2 emissions per borehole (a staggering 86 per cent reduction compared to its diesel counterparts). Also, its noise level of under 60 decibels makes it 94 per cent quieter than traditional rigs, ensuring minimal disturbance in residential areas.
Why Geothermal Energy Needs a Boost
Geothermal energy has long been overlooked due to the high upfront costs of drilling and installation. Heat pumps, which transfer heat from underground to buildings, are more efficient than gas boilers and can double as air conditioning systems. However, they are often more expensive to install, particularly when combined with the drilling required for geothermal systems.
The European Union (EU) is actively promoting heat pump adoption as part of its €300 billion REPowerEU plan. For example, it aims to install 43 million new heat pumps between 2023 and 2030. While air-source heat pumps are currently more popular due to their lower costs, geothermal pumps actually offer superior efficiency because they rely on the Earth’s stable subterranean temperatures rather than fluctuating outdoor air.
“In many European countries, at a depth of 250 metres, you have an average temperature of 14 degrees C,” says Pill. “This is ideal for efficient heating in winter, while still being cold enough to cool the building in summer.”
The key to unlocking geothermal energy’s potential lies in reducing costs and making the technology more accessible. Grabowski could therefore represent a significant step towards achieving this goal.
Challenges and Competition
Despite its promise, Grabowski does face some limitations. For example, the robot can currently drill to a maximum depth of 500 metres, which is less than the multi-kilometre depths achieved by larger rigs used in utility-scale geothermal projects. Its drilling speed is also slower, which could be a drawback in certain scenarios. However, Borobotics is targeting shallow geothermal systems, where these limitations are less of an issue.
It should be noted here that Borobotics certainly isn’t alone in the geothermal tech race. For example, startups like Fervo Energy in the United States and Eavor in Canada are making strides with advanced geothermal systems too. Fervo (backed by Bill Gates’ Breakthrough Energy Ventures) recently partnered with Google to power a data centre with geothermal energy. Meanwhile, Eavor is building a massive underground “radiator” in Germany capable of heating an entire town.
Nonetheless, Borobotics’ focus on small-scale, decentralised systems differentiates it from these competitors. By providing an affordable, accessible solution for residential and small commercial properties, Grabowski could carve out a niche market.
What’s Next for Grabowski?
Borobotics is currently developing its first working prototype, with plans to begin field testing at an (as yet) unspecified date in 2025. The company’s CHF 1.3 million (€1.38 million) pre-seed funding round, led by Copenhagen-based Underground Ventures, highlights growing investor confidence in geothermal technology.
As Torsten Kolind, managing partner at Underground Ventures, says, “The potential of geothermal heat pumps to decarbonise Europe is substantial, as long as the cost comes down. The minute that happens, the market is open.”
Borobotics’ approach seems to align perfectly with this vision. By addressing cost, efficiency, and accessibility, the company may be poised to make geothermal energy a viable option for millions of households. If successful, Grabowski could play a pivotal role in reshaping the energy landscape, reducing reliance on fossil fuels, and advancing global sustainability efforts.
What Does This Mean For Your Organisation?
Borobotics’ innovation sounds like it could offer a step forward in the quest for more sustainable (and hopefully cheaper) energy solutions. By focusing on affordability, compactness, and accessibility, the company is addressing some of the key barriers that have historically limited the adoption of geothermal energy. With the EU’s ambitious goals to decarbonise heating and cooling, Grabowski could fill a crucial gap in the market, particularly in urban and residential settings where traditional rigs are impractical.
Grabowski’s environmental credentials are also quite impressive. Its reliance on electricity over diesel, combined with its reduced CO2 emissions and quieter operation, make it a gentler option for the planet and its people. The prospect of an autonomous drilling robot that can be set up by a single worker and left to operate independently could significantly streamline geothermal installation processes. This innovation sounds like it may alleviate bottlenecks caused by Europe’s shortage of skilled heat pump installers, potentially accelerating the adoption of geothermal systems.
That said, challenges remain. Grabowski’s maximum drilling depth of 500 metres and slower speed may limit its application in certain contexts, especially in large-scale energy projects requiring deeper wells. Also, although Borobotics appears to be well-positioned in the growing geothermal market, competitors like Fervo Energy (with some serious backing) and Eavor are pursuing equally innovative solutions, which may overshadow the Swiss startup’s ambitions on a global scale.
The geothermal sector itself must also overcome broader obstacles. While the technology offers immense potential, upfront costs and public awareness remain barriers to widespread adoption. Public and private investment could be crucial in bringing costs down and fostering a shift towards geothermal energy. Borobotics’ ability to deliver on its promises, particularly as it transitions from prototype development to real-world deployment, will determine its impact on this evolving landscape.
Borobotics is, therefore, now entering a market primed for change, with a product that seems tailor-made to capitalise on the growing demand for sustainable heating and cooling. If the company can navigate the challenges ahead and scale its technology effectively, the Grabowski autonomous bore/drill may well become a vital player in the push to decarbonise energy systems. While the road ahead is far from smooth, the possibilities for a more sustainable future make this an endeavour worth watching closely.
Video Update : Use ChatGPT Scheduling For Tasks
This handy new feature from those clever people at OpenAI now lets you set ‘tasks’ which can be scheduled for specific times, with the results emailed across to you. Have a play with it – it’s fascinating!
Tech Tip – Use “Ctrl + D” to Quickly Bookmark Pages in Edge or Chrome
Save important webpages instantly as bookmarks with a simple shortcut to avoid losing valuable resources or frequently visited sites. Here’s how:
Open a Browser:
– Launch Microsoft Edge or Google Chrome.
Bookmark with Ctrl + D:
– Press Ctrl + D, rename the bookmark (if needed), and save it to your desired folder.
– This is great for efficiently organising references, work resources, or research materials.