
DDos attack on GitHub - truth_seeker
https://www.wired.com/story/github-ddos-memcached/
======
arekkas
Why are developers of popular database solutions so reluctant to write secure-
by-design software. You would guess that some basic form of authentication
should be implemented in any internet-facing service. But here we are, after
the MongoDB fiasko, still left with thousands of vulnerable services because
someone didn't bother to implement basic auth.

~~~
harryh
Because these tools follow the unix philosophy of building single use tools.
There are a wide variety of authentication measures that can be composed with
databases to secure them. There is really no need to build the authentication
into the database itself and it fact doing so would violate a don't repeat
yourself ethos.

------
detaro
previously (original github post):
[https://news.ycombinator.com/item?id=16492832](https://news.ycombinator.com/item?id=16492832)

------
nik736
The title is plain wrong. Oles from OVH posted a screenshot on Twitter around
the same time with a DDoS attack that was even bigger:

[https://twitter.com/olesovhcom/status/969328679410110466](https://twitter.com/olesovhcom/status/969328679410110466)

~~~
nkozyra
I must be missing something, that looks about the same in severity.

------
seba_dos1
Kinda funny to see packet capture being called "a little-understood forensic
process" :P

