ZDNET

Citrix devices are being abused as DDoS attack vectors

Citrix says it’s working on a fix, expected next year.

Threat actors have discovered a way to bounce and amplify junk web traffic against Citrix ADC networking equipment to launch DDoS attacks.

While details about the attackers are still unknown, victims of these Citrix-based DDoS attacks have mostly included online gaming services, such as Steam and Xbox, sources told ZDNet earlier today.

The first of these attacks were detected last week and documented by German IT systems administrator Marco Hofmann.

Hofmann tracked the issue to the DTLS interface on Citrix ADC devices.

DTLS, or Datagram Transport Layer Security, is a version of the TLS protocol implemented on the stream-friendly UDP transfer protocol, rather than the more reliable TCP.

Just like all UDP-based protocols, DTLS is spoofable and can be used as a DDoS amplification vector.

What this means is that attackers can send small DTLS packets to the DTLS-capable device and have the result returned in a many times larger packet to a spoofed IP address (the DDoS attack victim).

How many times the original packet is enlarged determines the amplification factor of a specific protocol. For past DTLS-based DDoS attacks, the amplification factor was usually 4 or 5 times the original packet.

But, on Monday, Hofmann reported that the DTLS implementation on Citrix ADC devices appears to be yielding an amplification factor of a whopping 35, making it one of the most potent DDoS amplification vectors.

Citrix confirms issue

Earlier today, after several reports, Citrix also confirmed the issue and promised to release a fix after the winter holidays, in mid-January 2020.

The company said it’s seen the DDoS attack vector being abused against “a small number of customers around the world.”

The issue is considered dangerous for IT administrators because of cost and uptime concerns, rather than the security of their devices.

As attackers abuse a Citrix ADC device, they might end up exhausting its upstream bandwidth, creating additional costs and blocking legitimate activity from the ADC.

Until Citrix readies official mitigations, two temporary fixes have emerged.

The first is to disable the Citrix ADC DTLS interface if not used.

Citrix ADC

If you are impacted by this attack you can disable DTLS to stop it. Disabling the DTLS protocol will lead to limited performance degradation, a short freeze and to a fallback.

Run following CLI command on Citrix ADC:
set vpn vserver <vpn_vserver_name> -dtls OFF https://t.co/Tpdnp8k9y3

— Thorsten E. (@endi24) December 24, 2020

If the DTLS interface is needed, forcing the device to authenticate incoming DTLS connections is recommended, although it may degrade the device’s performance as a result.

If you are making use of Citrix ADC and have enabled DTLS/EDT (UDP via port 443) you might need to run this command: “set ssl dtlsProfile nsdtls_default_profile -helloVerifyRequest ENABLED”. This will prevent you from future UDP amplification attacks. #NetScaler #CitrixADC

— Anton van Pelt (@AntonvanPelt) December 21, 2020

Actually the vast majority of deploys will become unstable with that. To be safe until January, better block UDP.

— Thorsten Rood (@ThorstenRood) December 22, 2020
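
The helloVerifyRequest setting named above turns on the DTLS cookie exchange described in RFC 6347. The following is an added example (not code from the article, from Citrix, or from the people quoted) that models why that exchange removes the amplification. Packet sizes, addresses, and all class and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sizes in bytes (assumptions): chosen so the unverified ratio
# equals the factor of 35 reported in the article.
CLIENT_HELLO_LEN, HELLO_VERIFY_LEN, SERVER_FLIGHT_LEN = 200, 60, 7000

def make_cookie(secret, client_ip, client_random):
    """RFC 6347 style stateless cookie: HMAC(secret, client IP, client parameters)."""
    return hmac.new(secret, client_ip.encode() + b"|" + client_random,
                    hashlib.sha256).digest()

class DtlsResponder:
    """Toy model of a DTLS server's first reply (hypothetical, not ADC code)."""
    def __init__(self, hello_verify):
        self.hello_verify = hello_verify
        self.secret = os.urandom(32)

    def on_client_hello(self, src_ip, client_random, cookie=b""):
        """Return (message, bytes sent to src_ip, cookie issued or None)."""
        expected = make_cookie(self.secret, src_ip, client_random)
        if not self.hello_verify or hmac.compare_digest(cookie, expected):
            return "ServerFlight", SERVER_FLIGHT_LEN, None
        # Unverified source: answer with a small cookie and keep no state.
        return "HelloVerifyRequest", HELLO_VERIFY_LEN, expected

def reflected_ratio(server, spoofed_ip, datagrams=100):
    """Bytes delivered to a spoofed source per byte of ClientHello sent."""
    received = sum(server.on_client_hello(spoofed_ip, os.urandom(32))[1]
                   for _ in range(datagrams))
    return received / (datagrams * CLIENT_HELLO_LEN)

def legitimate_handshake(server, client_ip):
    """A real client sees the cookie at its own address and echoes it."""
    rnd = os.urandom(32)
    msg, _, cookie = server.on_client_hello(client_ip, rnd)
    if cookie is not None:
        msg, _, _ = server.on_client_hello(client_ip, rnd, cookie)
    return msg

def replay_from_other_ip(server, real_ip, other_ip):
    """A cookie issued to one address is rejected when sent from another."""
    rnd = os.urandom(32)
    _, _, cookie = server.on_client_hello(real_ip, rnd)
    return server.on_client_hello(other_ip, rnd, cookie)[0]
```

In this model the ratio seen at the spoofed address drops from 35 to 0.3 once verification is on, while a client that can receive at its claimed address still completes the exchange.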

Source: https://www.zdnet.com/article/citrix-devices-are-being-abused-as-ddos-attack-vectors/

How Crocs used robots to rule the comfort economy

Sweatpants and comfortable kicks have had a heck of a run during the pandemic. You can thank the robots.

Over the last year, Crocs emerged as a stay-at-home comfort essential and experienced unprecedented demand. As a result, the company quickly outgrew their distribution center and moved their e-commerce fulfillment into a larger pop-up warehouse. Included in the design was a recommendation to bring in automation to improve throughput, mitigate the risk of labor challenges and optimize capacity.

That’s where the robots, and in particular the automation solutions of a firm called 6 River Systems (6RS), come in.

Since implementing 6RS’ wall-to-wall fulfillment solution, including its collaborative mobile robot Chuck, Crocs has seen a 182% pick rate improvement. This increase in throughput was critical during the 2020 holiday peak season, and allowed Crocs to handle up to 40k units per day, ensuring they were meeting heightened customer expectations.

Robots have become essential to scaling, and the solutions can now be brought online with unprecedented speed and minimal downtime. I spoke with Jerome Dubois, Co-Founder and Co-CEO of 6RS, to learn more about why warehouse automation was an essential component to scaling Crocs’ fulfillment operation and what the future holds for operations optimization.

GN: The setup and integration in the Crocs case seems quick. How does 6RS prioritize reducing downtime and how is it possible the automation solution is up and running so quickly?

Jerome Dubois: Over the course of the COVID-19 pandemic, Crocs has quickly become a comfort essential while most daily activities have been confined to our homes. As a result, their ecommerce demand took off in 2020 beyond the retailer’s expectations, and Crocs realized the need for a second distribution center to fulfill this heightened demand.

The Crocs’ team tapped our wall-to-wall fulfillment solution, powered by our autonomous mobile robot (AMR) Chuck, to help support fulfillment operations. Chuck is a collaborative mobile robot that uses machine learning and AI to guide associates through their work zones to help them minimize walking, stay on task and work more efficiently. Chuck, along with our cloud-based software and partner integrations, supports the entire fulfillment process.

The full design, integration and deployment for Crocs was completed in under 3 months just before holiday peak 2020. When go-live took place in early October 2020, the site ramped from first pick to full volume in just two days.

To achieve this, our team has an extensive, collaborative planning stage for any deployment. We develop a detailed plan before hitting the ground, which includes warehouse design and mapping, clear business objectives and a roadmap for achieving them. When designing a warehouse plan, every decision can have a significant impact on operational efficiency. Once a clear plan is in place that is tailored to that warehouse, implementation is usually quick and seamless. This timeline is fairly typical for our implementations as we prioritize our clients’ time and help them achieve results as quickly as possible.

GN: What’s the sweet spot for 6RS in terms of manufacturing capacity and ROI? In other words, at what size would implementation start to make sense?

Jerome Dubois: In most cases, 6 River Systems can accommodate several different capacities due to the flexibility that our wall-to-wall fulfillment system provides. The system allows for Chucks to be added or removed based on demand and available labor. The solution can be used in all put-away, picking, counting, replenishment and sorting tasks, helping associates work faster while also reducing picking errors. The power of our solution really shows in warehouses over 20,000 square feet that average a unit volume greater than 15,000 per day. These warehouses typically have over 5,000 SKUs with associates picking for at least 8 hours per day. On average, customers of all sizes improve pick rates by 2-3x and see ROI in less than a year.

GN: Are there other customers you can speak about publicly that might resonate with readers?

Jerome Dubois: One of our customers that might resonate with readers is Office Depot, a household name in the office supply space and one of the largest suppliers in the U.S. When Office Depot’s demand began shifting across e-commerce, B2B and retail, Office Depot found itself fulfilling more customer orders that contain fewer items per package. The company turned to 6 River Systems to help address the challenges of increased order volume and varied consumer purchasing behaviors by implementing Chucks. As a result, Office Depot improved warehouse safety, engaged and rallied its staff, reduced needless walking and sped up training with 6RS and Chuck. They eliminated warehouse injuries by 100% and reduced associate training time down to just one day. Full case study here.

Source: https://www.zdnet.com/article/how-crocs-used-robots-to-lead-the-comfort-economy/

A useful Android privacy feature that most people have never heard of

Android has a useful hidden feature that the iPhone doesn’t.

Ever handed your iPhone to someone and then remembered that one thing that you don’t want them to see?

Maybe a photo, or a test, a personal message, something private from work, or your stash of cat memes you’re collecting.

Whatever it is, we carry a lot of sensitive stuff on our smartphones, and it’s only natural to want to keep that stuff private.

But the developers who work on Android have thought about this, and added a feature that allows you to hand your phone to someone else while keeping your information private.

Must read: The best Android apps for power users in 2021: Track data usage, test connections, and more

That feature is called Guest mode.

This popped into my head the other day following a conversation with an Android user who said they wished there was a way to lock their private data but still allow others to make calls and use the internet.

That’s what this mode does.

Guest mode creates a temporary account on your smartphone that is free from any of your personal information. No photos. No contacts. No messages. No files.

It also disables the phone feature, but you can choose to activate that if you want.

So, how do you access this feature? Well, it normally lives at Settings > System > Advanced > Multiple Users, but not always. If you can’t find it, a search for users should bring it up.

Guest Mode on Android

When you find it, you’ll see it at the bottom of the list of Google accounts tied to the handset. To switch, tap on it, and the handset will switch over.

The process is fast and only takes a few seconds.

To switch back, navigate back to Multiple Users and tap Remove Guest.

If you want to give the Guest Mode access to the phone, before going into Guest, click on the cog next to it and enable Turn on phone calls.

Guest Mode can also optionally make calls

Also, for quick access, you can make this feature available from the lock screen. Handy if you use it regularly.

It’s a cool feature that helps keep your private stuff private.

Source: https://www.zdnet.com/article/a-useful-android-privacy-feature-that-most-people-have-never-heard-of/

Cisco to acquire Sedonasys Systems for innovative NetFusion platform

Cisco said the Sedona NetFusion platform is the first to deliver complete network abstraction and control.

Cisco announced on Tuesday that it was acquiring Hierarchical Controller market leader Sedonasys Systems in an effort to beef up its multi-vendor, multi-domain automation, and software-defined networking offerings.

Kevin Wollenweber, vice president of product management in the Service Provider Network Systems for Cisco, explained in a blog post that in order to expand the internet and operate networks at massive scale for the billions of new users coming down the pipeline, the internet had to be reinvented in certain ways.

Cisco is acquiring Sedonasys Systems primarily for its NetFusion platform, which has a Hierarchical Controller (HCO) that it said, “enables multi-vendor, multi-domain automation, and software-defined networking.”

Wollenweber said the Sedona NetFusion platform was the first to offer “complete network abstraction and control” that helped CSPs manage their networks across a variety of domains, vendors, layers, and technologies, all as one single network.

The addition of Sedona NetFusion to the Cisco Crosswork portfolio will allow the company to offer a more advanced network automation platform for Cisco’s Routed Optical Networking Solution.

“HCO is the brain that enables transformation like 5G network slicing, routed optical networking, and disaggregation. We have one simple goal in our network automation strategy — simplification,” Wollenweber said.

“Now, CSPs can gain real-time, dynamic, and seamless control of IP and optical multi-vendor networks together. They can quickly move from clunky, manual operations across siloed teams and technologies to a completely automated and assured network that’s easily managed through a single pane of glass.”

With Cisco Crosswork and Sedona NetFusion, users will have access to a real-time replica of the entire network to predictively manage any changes to the deployment, connectivity, and activation status of all network inventory.

Operators can preview optimization, assurance, and changes, and then commit them as needed, Wollenweber added.

Source: https://www.zdnet.com/article/ciscos-to-acquire-sedonasys-systems-for-innovative-netfusion-platform/
