undefined | Better HN

0 pointsgjsman-10004y ago0 comments

Apple has sort of addressed this with only having it work with Safari and other apps that implement the API, rather than system-wide as something you can connect to. It’s probably going to take a lot of reverse engineering before hackers figure out the API and how to get third party devices to connect and authenticate, if at all. If you can’t get third party devices to connect, you are missing the first D in DDOS.

0 comments

mariojv4y ago

There is also almost certainly an authentication mechanism in place, even if you were to reverse engineer the API. You'd need a bunch of paid iCloud accounts to have a DDoS be at all feasible with this service.

Additionally, Cloudflare themselves, one of Apple's third party partners, offer DDoS protection services. Because they see all the exit traffic, they'd be able to detect the DDoS and block it.

Ensorceled4y ago

That's why this concern seemed weird to me; the exit nodes ARE the DDoS protection services.

I can't see Cloudflare putting themselves in the position of needed to protect their clients from themselves ...

gjsman-1000OP4y ago

Otherwise, by the poster’s logic, why hasn’t CloudFlare been a DDoS vector?

j / k navigate · click thread line to collapse