- cross-posted to:
- technews@radiation.party
- cross-posted to:
- technews@radiation.party
Skip straight to the Google security blag if you want actual details, the verge article has none.
Now do who.
This is the best summary I could come up with:
Cloudflare, Google, Microsoft, and Amazon all say they successfully mitigated what two of the companies called the biggest DDoS layer 7 attacks they’ve recorded in August and September, though none said who the attacks were directed against.
The companies say the attacks were possible because of a zero-day vulnerability in the HTTP/2 protocol they’ve named “HTTP/2 Rapid Reset.”
HTTP/2 speeds up page loading by allowing for multiple simultaneous requests to a website over a single connection.
Cloudflare writes that these attacks apparently involved an automated cycle of sending and immediately canceling “hundreds of thousands” of requests to websites that use HTTP/2, overwhelming servers and taking them offline.
Google goes into detail in a blog post about how the attacks worked, so do head over there if you want to roll your sleeves up and read about it.
Update October 10th, 2023, 1:20PM ET: Added that Microsoft has disclosed that its cloud infrastructure was affected as well.
The original article contains 281 words, the summary contains 156 words. Saved 44%. I’m a bot and I’m open source!
deleted by creator