World’s biggest DDoS attack record broken after just five days

DDoS Protection Powered by  DDos-GuarD
Last week, the code repository GitHub was taken off air in a 1.3Tbps denial of service attack. We predicted then that there would be more such attacks and it seems we were right.

Arbor Networks is now reporting that a US service provider suffered a 1.7Tbps attack earlier this month. In this case, there were no outages as the provider had taken adequate safeguards, but it’s clear that the memcached attack is going to be a feature network managers are going to have to take seriously in the future.

DDoS Protection Powered by  DDos-GuarD

The attacks use shoddily secured memcached database servers to amplify attacks against a target. The assailant spoofs the UDP address of its victim and pings a small data packet at a memcached server that doesn’t have an authenticated traffic requirement in place. The server responds by firing back as much as 50,000 times the data it received.

With multiple data packets sent out a second, the memcached server unwittingly amplifies the deluge of data that can be sent against the target. Without proper filtering and network management, the tsunami of data can be enough to knock some providers offline.

There are some simple mitigation techniques, notably blocking off UDP traffic from Port 11211, which is the default avenue for traffic from memcached servers. In addition, the operators of memcached servers need to lock down their systems to avoid taking part in such denial of service attacks.

“While the internet community is coming together to shut down access to the many open memcached servers out there, the sheer number of servers running memcached openly will make this a lasting vulnerability that attackers will exploit,” said Carlos Morales, VP of sales, engineering and operations at Arbor Networks.

“It is critically important for companies to take the necessary steps to protect themselves.”

It has been nearly five years since the first memcached attacks were reported, but in the last few weeks they have grown in popularity, and even include ransoms. It’s clear these are going to be a feature unless memcached server operators get their act together.

DDoS Protection Powered by  DDos-GuarD

The Always Connected PC – Leave Your Power Cord Home

The Always Connected PC – Leave Your Power Cord Home

At the Qualcomm Snapdragon Technology Summit in Hawaii, Microsoft and Qualcomm jointly announced the introduction of the Always-Connected PC, or AC-PC for short. They were joined by ASUS announcing the NovaGo, HP announcing the Envy X2, and Lenovo with an announcement of a new AC-PC to be made in January at CES. ASUS was the only OEM to announce pricing – a 64GB/4GB storage/memory configuration for $599 and a 256GB/8GB configuration for $799.

The “Always Connected PC” is a term coined by Microsoft and Qualcomm to essentially represent a Windows PC using an Arm-based smartphone SoC, the Snapdragon 835, instead of an x86 processor from AMD or Intel. The advantages of such a PC are longer battery life by using a low-power processor that offers performance comparable to low- to mid-range traditional x86 processor and connectivity anywhere with an integrated cellular modem plus wi-fi.

The concept of the AC- PC is not new. In 2012, Microsoft launched the Surface RT using an Arm-based processor from NVIDIA running a custom version of Windows called Windows RT. Unfortunately, the inability to run legacy PC Windows applications doomed the project from the start. This time around, the AC-PCs are using the latest and full version of Windows.

The AC-PCs will ship with Windows 10S but also offer a free upgrade to Windows Pro if the consumer desires. To run legacy x86 applications, Microsoft has emulation software that runs 32-bit Windows applications on an Arm SoC.

While running an emulated version of the software will slow performance, Microsoft is caching the translated software the first time it is run and uses other software optimizations to reduce the performance impact.

Apparently, most of this is incorporated into Windows 10S, not Windows Pro. However, it is important to note that Windows 10S is just the latest version of Windows 10, not a completely custom version like Windows RT.

Microsoft even went so far as to indicate that some applications may see higher performance under certain conditions because the Arm-based Snapdragon processor will not face the thermal limitations of traditional x86 PC processors.

As a result, Microsoft positioned the AC-PC for everyone from consumers to enterprise users. The PC OEMs, however, are positioning the platform more for consumers and creators.

With the NovaGo, ASUS took a traditional foldable clamshell design approach. The overall dimensions are similar to other comparable x86 PCs, but it does make for a light-weight and sleek looking platform. HP, on the other hand, took the productivity tablet approach, which resulted in a very thin (6.9mm) tablet with a detachable keyboard and stand. Both units have an estimated active use battery life of 20 hours and standby power up to 30 days.

In tests by the partners, the average user charged the units about once a week on average, which also coined the term “leave your power cord home”. This type of battery life offers the user the freedom from the daily worrying about finding the next wall socket.

The AC-PCs look and feel like other PCs and productivity tablets, which may cause confusion with consumers. Should you classify this with a traditional PC, a Chromebook, or a tablet? It runs Windows like a PC, but has the mobile processor of a Chromebook or tablet. In addition, it has a SIM card like a smartphone, but you cannot run Android or iOS apps on the platform, nor can you make calls or send texts. As a result, the platform does stand out from the crowd in form or function, but this may be a lesson learned from the Surface RT.

Unlike the Surface RT, Microsoft is not offering its own Surface-branded AC-PC. Microsoft has taken a more traditional market approach to enabling its partners. At this point, details are not available about how carriers will accommodate or charge services for the new platform. Treating the AC-PCs the same as other PCs seems the obvious solution, but even this is a dilemma for carriers.

On one hand, adding more devices to a user’s account reduces the risk that they will switch carriers in the future. On the other hand, carriers must deal with an always-connected device with a larger screen and longer battery life that is likely to consume more data. So, will carriers be willing to just add these to existing accounts with unlimited data plans for a nominal monthly charge? We should know more when the products are launched in Q1 2018.

Microsoft hinted at more partners and differentiated platforms in the near future. The first units are using the Qualcomm Snapdragon 835, but new devices could be using the new Snapdragon 845 just announced by the end of next year. The long-term relationship between Microsoft and Qualcomm on phones and Microsoft’s long desire to offer Arm-based PCs points to continued support for the platform going forward offering a competitive solution to traditional x86-based PCs.

I am surprised that Microsoft and its partners did not differentiate the platform in terms of form, function or even the business models with the carriers to drive more disruption into the PC market, but I am excited to get my hands on one to test for a range of usage models. Smaller, lighter, and longer battery life does come at a price.

I would expect some performance limitations with certain enterprise applications that will require emulation on Windows Pro and/or high storage bandwidth. However, the platform may be just what the average consumer needs for use with Microsoft Office or Google Docs, movie streaming, social networking and even light content creation.

Williams Takes Pole Position in the Race for Formula One Information Protection

Williams Takes Pole Position in the Race for Formula One Information Protection

Symantec Corp. (NASDAQ: SYMC), the global leader in cybersecurity, today announced it is helping Williams combat the latest threats and accelerate its security posture ahead of the 2016 Formula 1 season. Continue reading Williams Takes Pole Position in the Race for Formula One Information Protection

Right to be Forgotten: 75% of employees likely to exercise rights under GDPR

Right to be Forgotten: 75% of employees likely to exercise rights under GDPR

New research by data security company, Clearswift, has shown that 75% of employees are likely to exercise their right to be forgotten (RTBF). The principle also known as ‘right to erasure’ dictates that an individual can request their data to be removed or deleted when there is no compelling reason for a business to continue processing that information. Continue reading Right to be Forgotten: 75% of employees likely to exercise rights under GDPR

5 Cloud Computing Predictions for 2018

5 Cloud Computing Predictions for 2018

Just a few years ago, not many predicted cloud computing would reach the heights we’ve seen in 2017 – 79 percent of companies now run workloads in the cloud (split almost evenly between public and private clouds). With the cloud bar constantly being raised, where do we go from here? Here are five predictions for the future of Cloud Computing in 2018. Continue reading 5 Cloud Computing Predictions for 2018