ARN - The voice of the Au New Zealand
The source for IT industry news, views and analysis across the channel, business and technology
Google warns of 'exponential' rise in DDoS attack volumes - Reseller News
Google has revealed it fought off a 2.5 Tbps DDoS attack in 2017, with the company flagging exponential growth in DDoS attack volumes.
Google has revealed it fought off a 2.5 Tbps distributed denial-of-service (DDoS) attack in 2017, with the company flagging exponential growth in DDoS attack volumes.
"Our infrastructure absorbed a 2.5 Tbps DDoS in September 2017, the culmination of a six-month campaign that utilised multiple methods of attack," Google Cloud security reliability engineer Damian Menscher said in a blog post.
"Despite simultaneously targeting thousands of our IPs, presumably in hopes of slipping past automated defenses, the attack had no impact. The attacker used several networks to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us. This demonstrates the volumes a well-resourced attacker can achieve: This was four times larger than the record-breaking 623 Gbps attack from the Mirai botnet a year earlier. It remains the highest-bandwidth attack reported to date, leading to reduced confidence in the extrapolation," he added.
In a separate blog post, Shane Huntley, from Google's Threat Analysis Group, said: "our Security Reliability Engineering team measured a record-breaking UDP amplification attack sourced out of several Chinese ISPs (ASNs 4134, 4837, 58453, and 9394), which remains the largest bandwidth attack of which we are aware."
Google's move to publicly discuss the attack comes as it provides an update on what it's seeing and how threat actors are changing their tactics in the lead-up to the US general election in November and, more broadly, what it's doing to minimise or mitigate the effects of such attacks, which appear to be on the rise.
"The exponential growth across all metrics is apparent, often generating alarmist headlines as attack volumes grow," Menscher said, referring to Google's own data on largest known DDoS attacks, which indicates an exponential increase in such attacks over the past five years or so.
"But we need to factor in the exponential growth of the internet itself, which provides bandwidth and compute to defenders as well. After accounting for the expected growth, the results are less concerning, though still problematic," he added.
According to Menscher, given the data and observed trends available, security teams such as Google Cloud's Threat Analysis Group (TAG) can extrapolate to determine the spare capacity needed to absorb the largest attacks likely to occur.
"While we can estimate the expected size of future attacks, we need to be prepared for the unexpected, and thus we over-provision our defences accordingly," he said. "Additionally, we design our systems to degrade gracefully in the event of overload, and write playbooks to guide a manual response if needed."
Huntley, meanwhile, said that addressing state-sponsored DDoS attacks, such as those seen in the lead-up to the US election, requires a coordinated response from the internet community, with Google working with others to identify and dismantle infrastructure used to conduct attacks.
"Going forward, we'll also use this blog to report attribution and activity we see in this space from state-backed actors when we can do so with a high degree of confidence and in a way that doesn't disclose information to malicious actors," he said.
AWS honours top A/NZ partners - ARNnet
Amazon Web Services has named its top performing partners in Australia and New Zealand for the past year.
Amazon Web Services (AWS) has named its top performing partners in Australia and New Zealand for the past year.
During a virtual event hosted by Davinia Simon, AWS head of channel and alliances, the company revealed the winners and finalists of the annual Australian and New Zealand APN (Amazon Partner Network) Awards, which celebrate technical proficiency and proven customer success in specialised AWS cloud solution and technology areas and industry segments.
"This year, we are pleased to see our partners drive growth in new specialist areas such as data and analytics and machine learning to deliver their customer's forward-thinking solutions that help solve some of the most complex business challenges," Simon said during the event.
"AWS has a thriving community of partners and we are inspired by the rapid innovation, resiliency and resolve shown particularly during COVID-19, to help customers mobilise remote workforces, maintain business continuity, and develop innovative responses to protect customers and citizens."
"We are excited to see what future opportunities lie ahead as we work with the APN to discover new ways to achieve success with the breadth and depth of services that AWS offers," she added.
This year's winners and finalists were:
APN Application Transformation and Migration Partner of the Year. Winner: Mantalus. Finalists: Consegna, Versent.
APN Data, Analytics and Machine Learning Partner of the Year. Winner: Max Kelsen. Finalists: Contino, Bigmate.
APN Customer Experience Partner of the Year. Winner: Deloitte. Finalists: Cloudwave, DXC.
APN Social Impact Partner of the Year. Winner: Arq Group. Finalists: Transpire, Tigerspike.
APN Global Systems Integrator Partner of the Year. Winner: Deloitte. Finalists: DXC, Tata Consultancy Services.
APN Technology Partner of the Year. Winner: Bigmate. Finalists: Tanda, Tape Ark.
APN Consulting Partner of the Year. Winner: CMD Solutions. Finalists: Mantalus, Contino.
Top five tech trends for the next decade - Reseller News
So-called human “digital twins” will be one of the top decade-defining technology trends as the world “moves beyond screens and keyboards”
So-called human "digital twins" will be one of the top decade-defining technology trends as the world "moves beyond screens and keyboards".
According to a report by Gartner, as technology becomes increasingly integrated with people's lives, digital representations of ourselves, such as digital passports and social distancing technologies, will become more prevalent.
In the wake of the COVID-19 pandemic, the analyst firm claimed health technology, such as China's Health Code and India's Aarogya Setu, could be required for access to public spaces and transportation, although privacy issues may prevent mass take-up in a number of markets.
The report, Hype Cycle for Emerging Technologies, 2020, claimed these new devices would relate to voice, vision, gesture, to the point of even directly altering brains.
Another mega-trend, especially in the enterprise world, will be composite architecture with solutions composed of packaged business capabilities that are built on a flexible data fabric. According to Gartner, this should be a built-in intelligence that is decentralised and extends outward to edge devices and the end user.
In order for organisations to be more agile, technology such as composable enterprise, packaged business capabilities, data fabric, private 5G, embedded artificial intelligence (AI) and low-cost single-board computers at the edge should be tracked.
In terms of artificial intelligence, technologies that can dynamically change to respond to situational variances will accelerate, especially among user experience and application designers. AI-assisted design, including augmented development, ontologies and graphs, small data, composite AI, adaptive ML, self-supervised learning, generative AI and generative adversarial networks, could become more prevalent in organisations.
Another major trend identified by Gartner will be algorithmic trust models that ensure privacy and security of data, source of assets and identity of individuals and things. According to the analyst, these will minimise the risk and costs of losing the trust of enterprises' customers, employees and partners. Technologies tied to this could include secure access service edge (SASE), differential privacy, authenticated provenance, bring your own identity, responsible AI and explainable AI.
The final key trend will see technology moving beyond just chips and boards, especially as technology approaches the physical limits of silicon. According to Gartner, critical technologies to be considered include DNA computing, biodegradable sensors and carbon-based transistors.
Microsoft paid US$13.7M to bug bounty hunters - Reseller News
Microsoft has handed out US$13.7 million in “bounty” to a global army of cyber security hackers for uncovering bugs.
Microsoft has handed out US$13.7 million in "bounty" to a global army of cyber security hackers for uncovering bugs.
Paid over the last 12 months, the figure is more than three times the US$4.4 million the technology giant awarded over the same period last year.
During this year, Microsoft launched six new bounty programs and two new research grants, which it claims attracted more than 1,000 eligible reports from over 300 researchers across six continents.
Microsoft has 15 bounty programs in total and said it saw strong researcher engagement and higher report volume during the first several months of the COVID-19 pandemic.
"The security landscape is constantly changing with emerging technology and new threats. By discovering and reporting vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure (CVD), security researchers have continued to help us secure millions of customers," the vendor said in a blog post.
Widely used by technology vendors, including Atlassian, bug bounty platforms connect security researchers with organisations wanting extra scrutiny. In exchange for reporting a security flaw, the researcher receives payment (a bounty).
Earlier this year, Microsoft called on the security research community to help identify and fix high-impact vulnerabilities in its Azure Sphere internet of things (IoT) security solution, which has been released into general availability.
New Google default wipes users' location and web history after 18 months - Reseller News
Google has said it will automatically delete some location history after 18 months for new users and make it easier for everyone to access its search, Maps and YouTube apps without being tracked.
Google has said it will automatically delete some location history after 18 months for new users and make it easier for everyone to access its search, Maps and YouTube apps without being tracked.
The updates to Google's privacy controls arrive as the world's largest search engine faces heightened scrutiny on its data collection practices. New privacy laws in California and Europe have prompted internet companies to adjust practices over the last two years. Several lawsuits by consumers and US state attorneys general in the last few months have accused Google of deception in data gathering.
Under Google's updated settings, YouTube's viewing history of new users will disappear after 36 months and location tracking and web browsing history will get dropped after 18 months. Users have the option of choosing shorter or longer timeframes. However, Google may still be able to access and store location details in other ways.
Users can more easily search in what Google calls "incognito mode," by just holding down their profile picture at the top of the search, Maps or YouTube apps. Previously, an additional click in the apps' menu was required. Google does not keep a log of users' activity when they are in incognito.
The company derives most of its revenue from ads, which are typically based on data about what users are watching and reading and where they are located. Alphabet Chief Executive Sundar Pichai last year acknowledged that the company gathers more data than necessary for ads and committed to minimize its collection.
(Reporting by Paresh Dave; Editing by Richard Chang)
AWS packages up CodeArtifact for Sydney region - Reseller News
AWS has released its fully managed software artifact repository service CodeArtifact across multiple AWS regions, including Sydney.
Apple and Google update coronavirus contact tracing tech ahead of launch - Reseller News
Apple and Google have updated technical details of the coronavirus contact tracing system they plan to release next month, saying new features would strengthen privacy protections and give health authorities more detailed data.
Apple and Google have updated technical details of the coronavirus contact tracing system they plan to release next month, saying new features would strengthen privacy protections and give health authorities more detailed data.
The system, announced on April 10, will use Bluetooth technology to let authorities build apps to alert people who have been in proximity with those who have tested positive for the novel coronavirus. The technology does not employ GPS location data and stores most sensitive data in a decentralised way on users' phones.
The approach opened a rift with European governments planning systems that would store data on centralised servers. Without the Apple-Google technology, apps built by those governments will face limitations such as needing a phone's screen to be unlocked to work properly.
Health and privacy researchers also cited privacy concerns that the companies addressed by making it harder to use system-generated data to track people. The numbers that identify users will be randomly generated, and so-called "metadata" such as Bluetooth signal strength and users' phone models will now be encrypted along with primary data about who they have been near. "Exposure time," or how long two phones have been near each other, will be rounded to 5-minute intervals, to prevent using detailed time data to match up phones to people.
The companies also sought to address health researchers' concerns that the system would be ineffective. Since Bluetooth signals can penetrate some walls and can be detected even when brief and faint, researchers worried about false alerts from neighbors in apartment buildings or passers-by in public spaces.
Apple and Google will now provide data about Bluetooth power levels to better estimate how close two phones came to each other and for how long, letting authorities set their own thresholds for when to alert people. The companies also said they would provide data on how many days had passed since the last contact with an infected person, to help authorities notify users about what steps to take.
On 26 April, the Australian Government launched its controversial coronavirus tracing app, promising to legislate privacy protections around it as authorities try to get the country and the economy back onto more normal footing. The app, which is based on Singapore's TraceTogether software, uses Bluetooth signals to log when people have been close to one another. However, it has been criticised by civil liberties groups as an invasion of privacy.
(Reporting by Stephen Nellis; Editing by Richard Chang)
Apple disputes claim iPhone and iPad flaw was used against customers - Reseller News
Apple claims it has found "no evidence" a flaw in its email app for iPhones and iPads has been used against customers, and that it believes the flaw does "not pose an immediate risk to our users".
Apple claims it has found "no evidence" a flaw in its email app for iPhones and iPads has been used against customers, and that it believes the flaw does "not pose an immediate risk to our users".
San Francisco-based security firm ZecOps previously detailed a flaw that it said may have left more than half a billion iPhones vulnerable to hackers. Zuk Avraham, ZecOps' chief executive, said he found evidence the vulnerability was exploited in at least six cybersecurity break-ins.
Avraham said he found evidence that an attacker was taking advantage of the vulnerability as far back as January 2018, but that he could not determine who the hackers were. His claim could not be independently verified.
Apple has acknowledged the vulnerability existed in its software for email on iPhones and iPads, known as the Mail app, and said the company had developed a fix that will be introduced in a forthcoming update to millions of devices it has sold globally.
Apple subsequently disputed Avraham's evidence that the hack had been used against iPhone users.
"We have thoroughly investigated the researcher's report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users," Apple said in a statement. "The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers."
Avraham did not immediately respond to a request for comment on Apple's statement.
(Reporting by Stephen Nellis in San Francisco and Christopher Bing in Washington; Editing by Christopher Cushing)