The freelancer platform Elance has been under a sustained distributed denial-of-service (DDoS) attack for more than a day, making the service unavailable for many users — but apparently not compromising their data. Rival oDesk, with which Elance will soon merge, was also hit by a separate attack.
The Elance episode seems to have been a so-called NTP reflection attack, judging from an Elance tweet referencing a piece I recently wrote about the technique. Such attacks use botnets and badly configured NTP servers — essentially time checks for computers’ clocks — to amplify a small amount of data into a large one that overpowers the targets’ systems.
Mountain View, Calif.-based Elance has over 4 million users (it will roughly double that through its upcoming
View original post 181 more words