Latest news with #BrianKrebs
Yahoo
4 days ago
Taking a summer trip? Don't throw out your boarding passes, officials say
Flyers taking trips this summer may look at their boarding pass and just see their entry to an airplane. But your boarding pass contains a lot more than just your plane seat and gate number. It also includes codes that communicate details about passengers and their itineraries to airport staff. These include unique alphanumeric codes that identify reservation details, acronyms identifying a passenger's place in boarding and letters used to identify a passenger's fare class. And there's the code that flyers dread seeing: SSSS, which means they'll get additional security screening. Here's what air travelers should know about the codes on their boarding passes.

Travel publications like Conde Nast Traveler and security experts like Brian Krebs of KrebsOnSecurity urge travelers not to throw out paper boarding passes, even after their flight has ended.

Because a boarding pass contains so much personal information about a traveler, scammers who find discarded boarding passes can use that information to access their accounts. That's why travel and security experts also advise against posting photos of a boarding pass online. Experts recommend flyers shred their paper boarding passes after using, or board using their mobile phones instead.

These are some of the most common codes seen on airline boarding passes:

- SSSS: Secondary Security Screening Selection. These letters mean the passenger has been selected for additional screening, which can include luggage searches, pat-downs and additional questioning at the TSA checkpoint.
- PNR: Passenger Name Reference. It's an alphanumeric code used to uniquely identify a passenger's itinerary and basic information about them. Travelers need their PNR to look up information about their flights.
- ET or ETKT: Electronic Ticket. Some airlines use these acronyms instead of PNR to list the code that contains information about a passenger's itinerary.
- FQTV: Frequent Traveler. This code indicates the traveler is registered with the airline's frequent flyer or loyalty program.
- SEQ or SEQ NO: Sequence number. It indicates the passenger's place in boarding. Flyers discussing the code on the travel website FlyerTalk said the most coveted sequence code is "SEQ 001," which means the passenger is the first to board.
- BCBP: Bar-Coded Boarding Pass. It's a bar code that contains passenger information and is scanned to board a plane. The International Air Transport Association sets standards for bar codes on boarding passes, outlined in a lengthy guide; these include the size of the code, its readability and securing codes for fraud prevention.
- S/O: Stopover. The flight includes a layover in one or more airports.
- SPTC: Stopover Paid by the Carrier. This means the flight includes a layover that lasts longer than a few hours. It also signals overnight accommodations may be included.
- A or F: Indicates a first-class ticket.
- J: Business Class. It indicates the passenger's ticket is for a full-price business class fare.
- Y: Economy Class. Most airlines use this code to indicate the passenger is in economy class.

The TSA does not publish guidance that explains why people are selected for secondary screening. Anecdotal evidence suggests people are selected for various reasons, which can include:

- Unusual or suspicious travel patterns.
- Mistaken identity, often because the passenger's name appears on a TSA watchlist.
- One-way international flights.
- Last-minute flights.
- Purchasing tickets using cash.
- Traveling to destinations flagged by the U.S. Department of State as high-risk destinations. Some places are more likely to trigger SSSS than others; The Points Guy wrote that it comes up frequently when traveling to and/or from Turkey.
- Behavior at the airport that the TSA thinks raises suspicions.
- Random selection.

Michael Salerno is an award-winning journalist who's covered travel and tourism since 2014. His work as The Arizona Republic's consumer travel reporter aims to help readers navigate the stresses of traveling and get the best value for their money on their vacations. He can be reached at

This article originally appeared on Palm Springs Desert Sun: What boarding pass codes say about you. What Californians should know


Techday NZ
20-06-2025
Cloudflare thwarts record 7.3 Tbps DDoS attack with automation
Cloudflare has confirmed it recently mitigated what it describes as the largest distributed denial-of-service (DDoS) attack ever publicly disclosed, clocking in at 7.3 terabits per second (Tbps), surpassing previous known records. The attack, which occurred in mid-May 2025, targeted a hosting provider customer utilising Cloudflare's Magic Transit service for network defence.

According to Cloudflare data, this incident follows closely on the heels of attacks recorded at 6.5 Tbps and 4.8 billion packets per second, illustrating that DDoS attacks are continuing to increase in both scale and complexity. Cloudflare stated that the 7.3 Tbps attack was 12% larger than its previous record and 1 Tbps greater than another recent attack reported by security journalist Brian Krebs.

Attack analysis

The 7.3 Tbps DDoS attack delivered a total of 37.4 terabytes of data within a 45-second window. During the attack, the targeted IP address was bombarded across an average of 21,925 destination ports, reaching a peak of 34,517 destination ports per second. The distribution of source ports mirrored this targeting method.

The attack employed several vectors but was dominated by UDP floods, constituting 99.996% of total traffic. The residual traffic, amounting to 1.3 GB, involved QOTD reflection, Echo reflection, NTP reflection, Mirai UDP floods, Portmap flood, and RIPv1 amplification techniques. Each vector was identified and catalogued, with Cloudflare detailing how organisations could protect both themselves and the broader Internet from such forms of abuse.

Cloudflare explained that the UDP DDoS component worked by sending large volumes of UDP packets to random or specific destination ports, either to saturate the Internet link or overwhelm network appliances. Other vectors, such as the QOTD (Quote of the Day), Echo, NTP, Portmap, and RIPv1, exploited vulnerabilities in legacy protocols and services to reflect and amplify attack traffic onto target systems.

Global scale

The attack was notable for its global reach. Traffic originated from more than 122,145 source IP addresses across 5,433 autonomous systems in 161 countries. Nearly half of the attack traffic came from Brazil and Vietnam, accounting for around twenty-five percent each. The remainder was largely attributable to sources in Taiwan, China, Indonesia, Ukraine, Ecuador, Thailand, the United States, and Saudi Arabia.

At an autonomous system level, Telefonica Brazil (AS27699) contributed 10.5% of attack traffic, with Viettel Group (AS7552), China Unicom (AS4837), Chunghwa Telecom (AS3462), and China Telecom (AS4134) among the other major sources. The attack saw an average of 26,855 unique source IP addresses per second, peaking at 45,097.

Technical response

Cloudflare utilised the global anycast architecture to divert and dissipate the massive influx of traffic. As packets arrived at Cloudflare's network edge, they were routed to the closest data centre. This incident was managed across 477 data centres in 293 locations worldwide, with some regions operating multiple facilities due to traffic volume.

Detection and mitigation were handled by Cloudflare's automated systems, which operate independently in each data centre.

The Cloudflare global network runs every service in every data centre. This includes our DDoS detection and mitigation systems. This means that attacks can be detected and mitigated fully autonomously, regardless of where they originate from.

Upon arrival, data packets were intelligently distributed to available servers where they were sampled for analysis. Cloudflare employed the denial of service daemon (dosd), a heuristic engine that reviews packet headers and anomalies for malicious patterns. The system then generated multiple permutations of digital fingerprints specific to the attack, seeking patterns that maximised blocking efficacy while minimising impact on legitimate traffic.

Within data centres, real-time intelligence was shared by servers multicasting fingerprint information, refining mitigation on both a local and global scale. When a fingerprint surpassed predefined thresholds, mitigation rules were compiled and deployed as extended Berkeley Packet Filter (eBPF) programs to block the offending traffic. Once the attack ceased, associated rules were removed automatically.

Botnet feed and future mitigation

Cloudflare also maintains a free DDoS Botnet Threat Feed to help Internet service providers and hosting companies identify malicious traffic originating within their own infrastructure. The company said that over 600 organisations have subscribed to this service, allowing them to receive up-to-date lists of offending IP addresses engaged in DDoS attacks.

Recommendations from Cloudflare emphasise tailored defences to address the unique characteristics of each network or application, with care taken to ensure that mitigation steps do not inadvertently disrupt legitimate traffic, particularly for services that depend on UDP or legacy protocols.

Cloudflare's team highlighted that these successful defences occurred entirely without human intervention, alerting, or incident escalation, underscoring the shift towards fully autonomous, distributed mitigation strategies in response to modern DDoS threats.
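
The fingerprinting step described in the article (sample packet headers, generate permutations of candidate fingerprints, and act once one passes a threshold without matching legitimate traffic) is illustrated by the following added Python example. It is not Cloudflare's dosd code and not part of the original article; the header fields, the two thresholds, the comparison against a known-good baseline and all packet data are constructed assumptions.

```python
from collections import Counter
from itertools import combinations

FIELDS = ("proto", "dport", "length", "ttl")  # header fields sampled per packet (assumed)

def fingerprints(pkt):
    """Yield every non-empty combination of header fields with this packet's values."""
    for r in range(1, len(FIELDS) + 1):
        for combo in combinations(FIELDS, r):
            yield tuple((f, pkt[f]) for f in combo)

def pick_rule(sample, baseline, min_share=0.5, max_collateral=0.01):
    """Pick the fingerprint covering the largest share of the sampled window
    while matching at most max_collateral of known-good baseline traffic."""
    seen = Counter(fp for p in sample for fp in fingerprints(p))
    normal = Counter(fp for p in baseline for fp in fingerprints(p))
    best = None
    for fp, hits in seen.items():
        share = hits / len(sample)
        collateral = normal[fp] / len(baseline)
        if share < min_share or collateral > max_collateral:
            continue  # below the mitigation threshold, or would hit legitimate traffic
        key = (share, -len(fp))  # widest coverage first, then the fewest fields
        if best is None or key > best[0]:
            best = (key, {"match": dict(fp), "share": share, "collateral": collateral})
    return best[1] if best else None

def pkt(proto, dport, length, ttl):
    return {"proto": proto, "dport": dport, "length": length, "ttl": ttl}

# Constructed sample data: a baseline of legitimate traffic ...
BASELINE = ([pkt("tcp", 443, 1400, 57)] * 40 + [pkt("udp", 443, 1200, 57)] * 30
            + [pkt("udp", 53, 80, 60)] * 30)
# ... and a sampled window holding the same traffic plus a UDP flood sprayed
# across many destination ports (900 packets, varying port and TTL).
FLOOD = [pkt("udp", 1024 + i * 37, 1400, 52 + i % 2) for i in range(900)]
WINDOW = BASELINE + FLOOD

if __name__ == "__main__":
    print(pick_rule(WINDOW, BASELINE))    # combined proto + length fingerprint
    print(pick_rule(BASELINE, BASELINE))  # no attack in the window: None
```

Single-field fingerprints such as "all UDP" or "all 1400-byte packets" cover more of the window but are rejected because they also match the baseline; only the combination passes both thresholds.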