Connect with us

Technology

One of the most powerful DDoSes ever targets cryptocurrency platform

Published

on

A cryptocurrency platform was recently on the receiving end of one of the biggest distributed denial-of-service attacks ever after threat actors bombarded it with 15.3 million requests, content delivery network Cloudflare said.

DDoS attacks can be measured in several ways, including by the volume of data, the number of packets, or the number of requests sent each second. The current records are 3.4 terabits per second for volumetric DDoSes—which attempt to consume all bandwidth available to the target—809 million packets per second, and 17.2 million requests per second. The latter two records measure the power of application-layer attacks, which attempt to exhaust the computing resources of a target’s infrastructure.

Cloudflare’s recent DDoS mitigation peaked at 15.3 million requests per second. While still smaller than the record, its power was more considerable because the attack was delivered through HTTPS requests rather than HTTP requests used in the record. Because HTTPS requests are much more compute-intensive than HTTP requests, the latest attack had the potential to put much more strain on the target.

Cloudflare

The resources required to deliver the HTTPS request flood were also greater, indicating that DDoSers are growing increasingly more powerful. Cloudflare said that the botnet responsible, comprising about 6,000 bots, has delivered payloads as high as 10 million requests per second. The attack originated from 112 countries, with about 15 percent of the firepower from Indonesia, followed by Russia, Brazil, India, Colombia, and the United States.

“Within those countries, the attack originated from over 1,300 different networks,” Cloudflare researchers Omer Yoachimik and Julien Desgats wrote. They said that the flood of traffic mainly came from data centers, as DDoSes move away from residential network ISPs to cloud computing ISPs. Top data center networks included the German provider Hetzner Online GmbH (Autonomous System Number 24940), Azteca Comunicaciones Colombia (ASN 262186), and OVH in France (ASN 16276). Other sources included home and small office routers.

“In this case, the attacker was using compromised servers on cloud hosting providers, some of which appear to be running Java-based applications. This is notable because of the recent discovery of a vulnerability (CVE-2022-21449) that can be used for authentication bypass in a wide range of Java-based applications,” Cloudflare VP of Product Patrick Donahue wrote in an email. “We also saw a significant number of MikroTik routers used in the attack, likely exploiting the same vulnerability that the Meris botnet did.”

Cloudflare

The attack lasted about 15 seconds. Cloudflare mitigated it using systems in its network of data centers that automatically detect traffic spikes and quickly filter out the sources. Cloudflare didn’t identify the target except that it operated a crypto launchpad, a platform used to help fund decentralized finance projects.

The numbers underscore the arms race between attackers and defenders as each attempts to outdo the other. It won’t be surprising if a new record is set in the coming months.

This Article was first live here.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Technology

Apple’s Next Trick: Letting You Borrow Cables From Android Friends

Published

on

A photo of a USB-C cable

Photo: Sam Rutherford / Gizmodo

It might not seem like the needle-moving announcement that Apple would make. But thanks to a news bit from a trusted analyst, there’s hope on the horizon that someday soon, Apple iPhones and Android smartphones will stop being separated—by charging cables, at least. (Don’t expect any parity on messaging any time soon!)

This week on Gadgettes, we dive into the most recent Apple leaks. With WWDC 2022 fast approaching, we figured it’d be an appropriate time to round up some of what we’ve heard in the rumor mill.

In addition to the USB-C tidbit, there’s chatter about everything from what the Apple Watch Series 8 will be capable of to whether iOS 16 will see much of a significant bump. We’ll also get into some of the patents revealed over the past few weeks, including a Surface Pro-like keyboard for the iPad and a foldable iPhone with a color E Ink display.

Then, Sony does it again, grooving into our hearts with its new WH-1000XM5 headphones. The model name doesn’t quite roll off the tongue, but you won’t care once you realize these are some of the best headphones money can buy. We’ll talk about why these headphones are worth their $400 price point. We’ll also get into the caveats of headphones like these and why the WH-1000XM5’s new folding mechanism might make you go for the last-generation model.

Finally, we’ll defend printers. We’ll explain why you might consider springing for an all-in-one printer for your at-home print shop. The compact HP Deskjet 6700 is an all-in-one that comes in a few colors and pairs rather nicely with the Amazon Basics laminator if you need to make reusable worksheets! HP also offers Instant Ink, which ships you ink cartridges so that you don’t have to worry about securing more when they run out.

Listen to this week’s episode of Gadgettes on Apple Podcasts, Spotify, or wherever you get your podcasts.

This Article was first live here.

Continue Reading

Technology

Chromebook 101: how to change your Chrome OS channels and get unreleased features

Published

on

You might not know it from glancing at a Chromebook, but Google’s Chrome OS is in a constant state of evolution.

The operating system receives minor updates every two to three weeks and major releases every six weeks. And, at any given moment, Google’s staff is working on features and software enhancements that most people won’t see for a matter of weeks — or months.

Here’s a little secret, though: if you’re feeling adventurous, you can gain access to those unreleased enhancements. All it takes is the flip of a virtual switch in your Chromebook’s settings, and you’ll have all sorts of interesting new options at your fingertips.

First, it’s important to understand exactly what’s involved so you can make an educated decision about which setup makes the most sense for you.

Understanding the Chrome OS channels

Chrome OS actually exists in four separate development channels. The software you see on your Chromebook varies considerably depending on which channel you choose:

  • The Stable channel is the polished and ready for prime time version of the software that all devices use by default.
  • The Beta channel is updated weekly and receives new features about a month ahead of its Stable sibling.
  • The Developer channel is updated as frequently as twice a week and sees stuff that’s actively being worked on and has undergone only a small amount of testing.
  • Finally, the Canary channel is what Google describes as the “bleeding edge” Chrome OS path — a channel that receives daily updates prior to any widespread testing and can be accessed only by a Chromebook that’s switched into a special developer mode (which, somewhat confusingly, has nothing to do with the Developer channel).

The Stable channel is the safest option and what the vast majority of people should use — particularly those who need to know their computers will always work flawlessly without any hiccups or unexpected glitches.

If you’re feeling adventurous and don’t mind a bit of a risk, the Beta channel is a good way to get a peek at unreleased features without too much instability. The odds of running into something funky are certainly higher than with Stable, but, by and large, elements in Beta are fairly well-developed and just in the final phases of testing.

Most day-to-day users would be well advised to stay away from the Developer channel since it receives updates as they’re built and is quite likely to contain bugs. And, as for the Canary channel, if you’re not sure whether you ought to be using it, the answer is probably no.

Changing your Chrome OS channel

Once you’ve decided which channel you want to try, here’s how to make the switch:

  • Open your Chromebook’s settings.
  • Click About Chrome OS in the menu on the left, then click Additional details.

Click About Chrome OS in the menu on the left, then click Additional details.

  • Look for the category Channel and click the Change channel button. That’ll cause a pop-up to appear that lets you select the Stable, Beta, or Developer channel. (Canary, remember, is available only if your device is in Developer mode — a level of access that opens the door to more advanced forms of OS modification but also disables some of the software’s standard layers of protection. It requires several extra steps to enable and, again, isn’t advisable for most Chromebook users.)

Change channel menu

Choose the Stable, Beta, or Developer channel.

  • Click the channel you want, then click the blue Change channel confirmation button that appears.
  • Click the left-facing arrow at the top of the screen to get back to the About Chrome OS page. When you see the Restart button appear near the top of the page (it may take a minute or two), click it.

About Chrome OS page with Restart button

Hit the Restart button to complete the change.

And that’s it: as soon as your Chromebook finishes restarting, you’ll be on your new channel with all your accounts, files, and preferences in place just like you left them.

If you ever decide you want to move back to the Stable channel, repeat that same process and select Stable.

Change channel box with “Change channel and Powerwash” button.

If you change back to Stable, you’ll have to Powerwash your system.

Just note that moving in that direction — from a higher channel to a less experimental one — generally requires you to Powerwash your Chromebook. Powerwash means all of your information and data will be erased, and you’ll have to sign in anew and start over.

About ChromeOS box

Hit the Restart and reset button to finish the process of restoring the Stable channel.

The one exception: if your Chromebook is connected to a work- or school-based G Suite account, your data won’t be deleted and the change won’t take place immediately. Instead, you’ll have to wait until the lower channel catches up to the higher one in version number, which could take anywhere from a few weeks to a few months.

Update May 20th, 2022, 9:30AM ET: This article was originally published on October 15th, 2019, and has been updated to account for changes in the OS.

This Article was first live here.

Continue Reading

Technology

Qualcomm updates its AR Smart Viewer reference design with a higher-powered chipset, a wireless tethering system with Wi-Fi 6 / 6E and Bluetooth, and more (Adi Robertson/The Verge)

Published

on


Adi Robertson / The Verge:

Qualcomm updates its AR Smart Viewer reference design with a higher-powered chipset, a wireless tethering system with Wi-Fi 6 / 6E and Bluetooth, and more  —  But don’t expect much battery life  —  Qualcomm is introducing a wireless version of its augmented reality Smart Viewer …

This Article was first live here.

Continue Reading

Trending