Internet services provider Cloudflare has announced that it has successfully protected one of its clients from one of the most powerful DDoS (Distributed-Denial-of-Service) attacks in history. According to the services provider, an undisclosed cryptocurrency platform was targeted by a botnet comprising around 6,000 "zombie" computers distributed throughout 112 different countries. The botnet ultimately generated a collective 15.3 million requests per second. While that's still shy of the largest recorded metric - set at 17.2 million requests per second - the fact that the DDoS attack occurred through HTTPS likely pushed its complexity above the record-setting attack, due to the higher computational workload of secure HTTP. The attack lasted 15 seconds.

DDoS attacks aim to flood a network with requests and data packets in a bid to overload and paralyze it. The attack also showcases the ingenuity of bad actors, as the originated from cloud-based ISPs, as attackers leverage more complex and capable networking hardware than what's usually offered by last-mile ISPs. According to Cloudflare, the botnet seems to have mostly compromised systems with Java-based applications that were still open to the recently-discovered CVE-2022-21449 vulnerability.

TechPowerUp today released the latest version of TechPowerUp GPU-Z, the handy graphics sub-system information and diagnostic utility for gamers and PC enthusiasts. Version 2.44.0 adds support for several new GPUs, feature updates to the Resizable BAR detection, and a handful other fixes. To begin with, GPU-Z adds support for NVIDIA GeForce RTX 3050, RTX 3080 12 GB, RTX 3070 Ti Mobile, RTX 3050 Ti Mobile, RTX 2060 12 GB, MX550, and a number of other mobile GPUs from NVIDIA. On the AMD front, you get support for Navi 24: Radeon RX 6500 XT, RX 6400, RX 6300M, RX 6500M, PRO W6300M, PRO W6500M, and PRO W660M. Support is also added for Intel "Alder Lake" non-K processors, "Alder Lake" mobile processors, and Xeon processors based on "Rocket Lake."

TechPowerUp GPU-Z can now report the exact base-address register (BAR) size when Resizable BAR is enabled. Find it in the Advanced Panel, under Resizable BAR. Detection of Resizable BAR has been improved. Detection of LHR in certain RTX 3060 cards has been improved to weed out misreporting of LHR. Vendor detection was added for Vastarmor. The internal Screenshot hosting utility now uploads screenshots over HTTPS. The 64-bit Windows Vista name will now include a space character, so "Vista 64" instead of just "Vista64." Grab GPU-Z from the link below.

DOWNLOAD: TechPowerUp GPU-Z 2.44.0

If you're reading this news post right now, you have been making use of the World Wide Web. Easily one of the most relevant inventions in humanity's history, the World Wide Web has become an inextricable part of our lives, either personal, technological, commercial, political, or otherwise. It has become a fabric of reality, and has been the enabler of technological innovations such as the blockchain (in all possible protocols and permutations that currently exist), as well as an enabler for NFTs (Non Fungible Tokens). An NFT is a guaranteed, authenticated original digital file, essentially - and it doesn't matter how many copies of a given digital file are eventually made, the nature of the blockchain makes it so that ownership of the original work is crystal clear throughout the public blockchain sphere.

As such, it's in one way poetic that the Internet's source-code, as developed by Tim Berners-Lee, has now been married to an NFT - a piece of art that exists only in the online world. Auctioned with a $1,000 starting bid, the NFT for the world wide web includes the original time-stamped programming files, containing 9,555 lines of code written by Berners-Lee. This includes the implementations of the languages and protocols ( HTML, HTTP, and URIs) also written by Tim, and which are still the cornerstone of today's internet. The NFT also includes a 30-minute animated visualization of developers writing the code, a letter written by Berners-Lee where he explains the creation process, and a digital "poster" of the code featuring a graphic of his signature. All four items are digitally signed, and are thus authenticated as non-fungible originals - which led to the NFT's final sale price of $5.4 million.

As the internet evolves and becomes more of the organic, ever-evolving system that it has been coming towards, there is a need to leave behind old protocols that have served us well - but that are now standing in the way of progress. It's always like that with (but not limited to) technology, and now, it's time for TCP's (Transmission Control Protocol) review. The idea is for it to make way for its leaner, faster cousin with some upgrades: the Google-proposed - and meanwhile much-altered by IETF, the Internet Engineering Task Force - QUIC (Quick UDP Internet Connections).

QUIC has been built upon UDP (User Datagram Protocol), which is leaner than TCP, but lacks some much-needed features for a safe Internet. UDP doesn't incorporate Reliability (knowledge of missing data from the origin point), or Order (meaning that data is received in the order it is transmitted), things that TCP does include, right alongside Error-correction (detection of in-transit corruption of data).

Google has been one of the more vocal advocates of a HTTPS-based web, and the company is mounting an offensive of sorts that aims to push web page managers to adopt the more secure protocol. Starting July of this year, with Chrome 68, the Google web browser will start marking all non-HTTPs websites as "Not secure", thus warning users of heightened security risks. From the way Google is doing this, it seems the company hopes users that see the "Not secure" badge on web pages will start gradually choosing other options for their web surfing habits - HTTPS-enabled options, ideally - and thus force page managers to upgrade their security to stem the leaving user base.

Google has some interesting bullet points as it pertains to the adoption of HTTPS; they say that over 68% of Chrome traffic on both Android and Windows is now protected; over 78% of Chrome traffic on both Chrome OS and Mac is now protected; and that 81 of the top 100 sites on the web use HTTPS by default (which this editor would personally expect to be closer to 100 out of 100, but there are just some websites that really can't be moved). In the blog post announcing the change, Google engineers also bring attention to the company's Lighthouse utility, which automagically scans web pages for non-HTTPS elements, highlighting them, and noting those that can easily and painlessly be converted to their secure, HTTPS equivalent - which in some cases, might even enable more powerful tools.

Researchers have recently discovered a critical flaw that affects all WPA2 protected Wi-Fi devices. This can't be remedied solely by user intervention, or password changes, or even by the usage of HTTPS website; this is a flaw with the core of WPA's protection scheme, and means that an attacker could intercept every single traffic data point that your device sends over Wi-Fi, including passwords, credit card details, images - the whole treasure trove. Adding insult to injury, it's even possible for attackers using this method to inject malware into your devices. The new attack method - dubbed KRACK for Key Reinstallation Attack - basically forces your device's encryption code to default to a known, plain-text all-zero decryption key, which is trivial for hackers to reuse.

Adding to the paranoia, this is basically a device and software-agnostic attack - it's effective against devices running Android, Linux, and OpenBSD, and to a lesser extent macOS and Windows, as well as MediaTek Linksys, and other types of devices. HTTPS isn't the best solution either, simply because some website's implementation of it isn't the best, and there are scripts (such as SSLScript) that can force a website to downgrade its connection to a simple HTTP link - which can then be infiltrated by the attacker.

As part of Google's push towards a safer, HTTPS-encrypted web, the Chrome browser will begin marking any HTTP site as non-secure when a user browses in incognito mode. Incognito is the Chrome browser's enhanced privacy mode, which goes a long way in explaining why Google sees non-HTTPS sites as a non-secure place to visit. Save some network metadata, encrypted HTTPS connections keep the contents of the communications between the user and a web server hidden from outside parties - in normal circumstances, that is. The company is already marking HTTP web-pages that accept credit card details as not-secure, and starting October this year, the browser will do the same on every HTTP site in which the user has to input data, and for every HTTP page browsed in Incognito mode.

Interestingly, Google has advanced that traffic to pages it has marked "Not Secure" has dropped by 23%, which goes to show that such policies do impact a user's decision on whether or not to establish such a connection. In addition, Google started scrambling its search engine algorithm so as to feature HTTPS sites more prominently than sites that don't. This means that websites that see diminishing visitors should be more inclined towards a adopting the more secure, encrypted HTTPS. And in an era where every scrap of our information is deemed worthy of at least being stored and resold, I find it commendable that Google thinks every piece of information should be secured, instead of just our payment information - which even that isn't always secure.