QUIC stands for “Quick UDP Internet Connections” and is, itself, Google’s attempt at rewriting the TCP protocol as an improved technology that combines HTTP/2, TCP, UDP, and TLS (for encryption), among many other things.
Source: HTTP-over-QUIC to be renamed HTTP/3 | ZDNet
Since then, HTTP-over-QUIC support was added inside Chrome 29 and Opera 16, but also in LiteSpeed web servers. While initially, only Google’s servers supported HTTP-over-QUIC connections, this year, Facebook also started adopting the technology.
Court says an attacker was only required to send malformed UDP packets to a target’s Steam client, which would have triggered the bug and allowed him to run malicious code on the target’s PC.
Source: Valve Patches Security Bug That Existed in Steam Client for the Past Ten Years
On a typical secure TCP connection, it typically takes two or three round-trips before the browser can actually start receiving data. Using QUIC, a browser can immediately start talking to a server it has talked to before. QUIC also introduces a couple of new features like congestion control and automatic re-transmission, making it more reliable that pure UDP.
via Google Wants To Speed Up The Web With Its QUIC Protocol | TechCrunch.
Users who connect to YouTube over QUIC report about 30 percent fewer rebuffers when watching videos and because of QUIC’s improved congestion control and loss recover over UDP, users on some of the slowest connection also see improved page load times with QUIC.
Google says it plans to propose HTTP2-over-QUIC to the IETF as a new Internet standard in the future.
The vulnerability that Drake outlines rises from a poorly coded service, infosvr, which is used by ASUS to facilitate router configuration by automatically monitoring the local area network (LAN) and identifying other connected routers. Infosvr, Drake explains, runs with root privileges and contains an unauthenticated command execution vulnerability. In turn this permits anyone connected to the LAN to gain control by sending a user datagram protocol (UDP) package to the router.
via Root command execution bug found across wireless router range.
This seems more like a designed in feature not implemented correctly. Transferring config information on an unsecure network is difficult to implement without some kind of flaw.
This kind of hack is well above the capability of your average hacker. Very unlikely they could do much more than Man In the Middle which they could do anyway without hacking the router. I do not chase updates on SOHO routers because it’s pointless, a waste of time that possibly introduces different bugs.
An FAQ and an in-depth design document provide more information than most people would want to know about QUIC. Besides running multiplexed connections over UDP, QUIC was “designed to provide security protection equivalent to TLS/SSL, along with reduced connection and transport latency,” the FAQ states.
via Google making the Web faster with protocol that reduces round trips | Ars Technica.
“You will see the World War I artillery acronyms are shorter, but, that is because, you have to remember, that, the primitive radio-transmitters that sent the Morse code were run by batteries, and, those didn’t last much more than a half-hour tops, probably less.
“Thus all World War I codes had to be S-n-S, Short-n-Sweet.
via BBC News – Has World War II carrier pigeon message been cracked?.
Network administrators who do not appreciate this sort of hole in their firewall and are worried about abuse, are left with only one option – they have to block outgoing UDP traffic, or limit it to essential individual cases. UDP is not required for normal internet communication anyway – the web, e-mail and suchlike all use TCP. Streaming protocols may, however, encounter problems, as they often use UDP because of the reduced overhead.
via How Skype & Co. get round firewalls – The H Security: News and Features.
List of TCP and UDP port numbers – Wikipedia, the free encyclopedia.
This site was also a good reference when I tried to find out what common services used port 9000.