Coffee Break // Cyber News 03
Good morning guys and girls, I hope everyone has made it to Friday sane and a little richer than on Monday.
First, a quick matter of housekeeping. You may notice that a comments section has been enabled at the foot of this blog. Please chime in and let me know your takes on things!
The comments section of a given post should accept new comments for up to about a month after a post goes live. If you run into any issues with the comments section, please contact me through a different communication channel.
My security training trundles along this week with a focus on memorizing port numbers (some of the important ones, at least) and filling gaps in my knowledge. At this point I have a fairly good idea of what topics will be on the exam, and am methodically learning the ones that I can’t readily explain.
Practicing mastery of a topic by explaining it out loud is a process I’ve heard called the “Rubber Duck Method.” I endorse it fully—for me the most natural way to mentally manipulate a subject is to yap about it.
//
In the news.
A record setting UDP carpet bombing was mitigated by Cloudflare. The DDoS attack in question sent a whopping 11.5 Terabits per second (Tbps) for nearly a minute.
To put that in perspective, streaming an HD video from Netflix would take maybe as much as 7 Mbps. This attack was like 1.64 million devices trying to send video all at once to a single endpoint.
In international news, China is sanctioning U.S. companies that support Taiwan’s military capabilities. The companies affected include satellite communications companies and unmanned aquatic vehicle manufacturers.
As per the Guardian, Microsoft has terminated it’s contract with the Israeli military’s famous Unit 8200. Evidently Israeli forces were utilizing Microsoft’s Azure cloud service to store millions of Palestinian phone calls that were being made each day in Gaza.
“We do not provide technology to facilitate mass surveillance of civilians. We have applied this principle in every country around the world, and we have insisted on it repeatedly for more than two decades.”
—Brad Smith, Microsoft vice-chair and presidentFinally today, we have a report that at least one unspecified U.S. government agency was breached by a threat actor with suspected ties to the Chinese state. The hackers have evidently been exploiting the flaws for months. Yikes.
