Again. HTTP 1.1 is broken. HTTP 2 is broken. Let's just agree to head back to gopher. I should set up a VM in Azure as a gopher host.
https://www.darkreading.com/vulnerabilities-threats/internet-wide-vulnerability-giant-ddos-attacks
DDoS attacks are getting bigger and more powerful since the HTTP/2 Rapid Reset vulnerability was disclosed, and that's a really bad thing
#ddos #http #rapidreset #vulnerability
https://tchlp.com/4798GKj
Roy Fielding on #RapidReset: "that CVE is completely irresponsible. A CVE is supposed to list known vulnerabilities in released software, not potential vulnerabilities in all implementations of a single protocol"
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0068.html
HTTP/2 Rapid Reset: A New #Protocol #Vulnerability Will Haunt the Web for Years
Dubbed “HTTP/2 Rapid Reset,” the flaw requires issuing patches to virtually every #webserver around the world before the problem can be eradicated.
#Http2 #rapidreset #http2rapidreset
#RapidReset, which is the name assigned to the #vulnerabilidad #0day, allows #DDoS attacks to be carried out through a structural flaw in the #HTTP2 protocol
A couple of new things from the #CensysResearch team this week!
➡️ Unmasking Deception: Navigating Red Herrings and Honeypots (https://censys.com/red-herrings-and-honeypots/): A deep dive into some unusual, large scale #honeypot activity our team observed over the last few weeks. I'm a bit biased, but this is a really fun read about weird things on the Internet. Pairs nicely with morning coffee ☕ (or coffee anytime).
➡️ HTTP/Who? CVE-2023-44487 (https://censys.com/http-who-cve-2023-44487/) With the recent #HTTP2 #RapidReset vulnerability announced by #Cloudflare, #Google, and others, we examined the mechanics of the vulnerability, along with how prevalent HTTP/2 is. We currently see over 555 million hosts that appear to have the ability to upgrade to HTTP/2. More details in our post.
#CVE202344487
#securityResearch #infosec #cybersecurity #threatResearch
Organizations Respond to HTTP/2 Zero-Day Exploited for DDoS Attacks
"HTTP/2 Rapid Reset" used for record-breaking denial of service attacks, with requests peaking at hundreds of millions per second.
The vulnerability that enables this attack is tracked as CVE-2023-44487.
There are a ton of advisories covering this. This article is a nice summary of them all.
It's also been added to CISA's known exploited vulnerabilities catalog.
#cybersecurity #infosec #security #ddos #rapidreset
https://www.securityweek.com/organizations-respond-to-http-2-zero-day-exploited-for-ddos-attacks/
#RapidReset: Attackers have been exploiting a hole in the #http2 protocol since August 2023 |
With 100 requests of which 50 percent are discarded, a Rapid Reset attack is likely. Accordingly, it makes sense to configure HTTP/2 servers so that they close such connections.
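The threshold from the post above, worked as an added example that is not code from the post or from any HTTP/2 server project: a per-connection monitor counts client-opened streams and client RST_STREAM frames, and flags the connection for closing once 100 requests have been observed and at least half of them were cancelled. The frame sequences are constructed, and `ConnectionMonitor` and `evaluate` are hypothetical names.

```python
# Added example modelled on the heuristic in the post above:
# 100 requests seen, 50 % of them cancelled => likely Rapid Reset, close the
# connection. Frame events are constructed inline; this is only the
# accounting a server or proxy would keep, not an HTTP/2 implementation.
from dataclasses import dataclass


@dataclass
class ConnectionMonitor:
    """Per-connection counters for client-opened streams and client resets."""
    window: int = 100             # requests to observe before judging (from the post)
    max_reset_ratio: float = 0.5  # 50 % cancelled => close (from the post)
    opened: int = 0
    reset: int = 0

    def on_frame(self, frame_type: str) -> bool:
        """Feed one client frame type; return True if the connection should be closed."""
        if frame_type == "HEADERS":      # a new request stream from the client
            self.opened += 1
        elif frame_type == "RST_STREAM":  # the client cancelled a stream
            self.reset += 1
        return self.should_close()

    def should_close(self) -> bool:
        # Do not judge on a small sample: ordinary browsers also cancel a few
        # streams (e.g. on navigation), so wait for the full window first.
        if self.opened < self.window:
            return False
        # Cumulative ratio; a production filter would use a sliding window.
        return self.reset / self.opened >= self.max_reset_ratio


def evaluate(frames: list[str]) -> tuple[bool, int]:
    """Run a frame sequence; return (close?, index of the triggering frame or -1)."""
    mon = ConnectionMonitor()
    for i, frame in enumerate(frames):
        if mon.on_frame(frame):
            return True, i
    return False, -1


# Constructed traffic samples (not captured data).
# Rapid Reset pattern: every request is cancelled right after it is sent.
ATTACK = ["HEADERS", "RST_STREAM"] * 100
# Normal page load: 120 requests, a handful cancelled by the user.
BENIGN = ["HEADERS"] * 120 + ["RST_STREAM"] * 6

if __name__ == "__main__":
    print("attack:", evaluate(ATTACK))   # closes at the 100th request
    print("benign:", evaluate(BENIGN))   # never closes
```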