
Slashdot Asks: How Can We Prevent Packet-Flooding DDOS Attacks?

Just last month Brian Krebs wrote "What appears to be missing is any sense of urgency to address the DDoS threat on a coordinated, global scale," warning that countless ISPs still weren't implementing the BCP38 security standard, which was released "more than a dozen years ago" to filter spoofed traffic. That's one possible solution, but Slashdot reader dgallard suggests the PEIP and Fair Service proposals by Don Cohen: PEIP (Path Enhanced IP) extends the IP protocol to enable determining the router path of packets sent to a target host. Currently, there is no information to indicate which routers a packet traversed on its way to a destination (DDOS target), enabling use of forged source IP addresses to attack the target via packet flooding... Rather than attempting to prevent attack packets, instead PEIP provides a way to rate-limit all packets based on their router path to a destination.
I've also heard people suggest "just unplug everything," but on Friday the Wall Street Journal's Christopher Mims suggested another point of leverage, tweeting "We need laws that allow civil and/or criminal penalties for companies that sell systems this insecure." Is the best solution technical or legislative -- and does it involve hardware or software? Leave your best thoughts in the comments. How can we prevent packet-flooding DDOS attacks?

Who Should We Blame For Friday's DDOS Attack?

"Wondering which IoT device types are part of the Mirai botnet causing trouble today? Brian Krebs has the list," tweeted Trend Micro's Eric Skinner Friday, sharing an early October link which identifies Panasonic, Samsung and Xerox printers, and lesser known makers of routers and cameras. An anonymous reader quotes Fortune: Part of the responsibility should also lie with lawmakers and regulators, who have failed to create a safety system to account for the Internet-of-Things era we are now living in. Finally, it's time for consumers to acknowledge they have a role in the attack too. By failing to secure the internet-connected devices, they are endangering not just themselves but the rest of the Internet as well.
If you're worried, Motherboard is pointing people to an online scanning tool from BullGuard (a U.K. anti-virus firm) which checks whether devices on your home network are listed in the Shodan search engine for unsecured IoT devices. But earlier this month, Brian Krebs pointed out the situation is exacerbated by the failure of many ISPs to implement the BCP38 security standard to filter spoofed traffic, "allowing systems on their networks to be leveraged in large-scale DDoS attacks..."
The Media

Journalist Cleared of Riot Charges in South Dakota

Her video went viral, viewed more than 14 million times, and triggered concerns online when she was threatened with prison. But a North Dakota judge "refused to authorize riot charges against award-winning journalist Amy Goodman for her reporting on an attack against Native American-led anti-pipeline protesters." An anonymous Slashdot reader quotes NBC News: Goodman described the victory as a "great vindication of the First Amendment," although McLean County State's Attorney Ladd Erickson told The New York Times that additional charges were possible. "I believe they want to keep the investigation open and see if there is any evidence in the unedited and unpublished videos that we could better detail in an affidavit for the judge," Erickson told the newspaper.
The Native Americans "were attempting to block the destruction of sacred sites, including ancestral burial grounds," according to a new article co-authored by Goodman about her experiences, which argues that "Attempts to criminalize nonviolent land and water defenders, humiliate them and arrest journalists should not pave the way for this pipeline."

Facebook Bans Animated Breast Cancer Awareness Video Showing Circle-Shaped Breasts

Last month, Facebook deleted a historic Vietnam war photo of a naked girl fleeing a napalm attack, claiming it violated Facebook's restrictions on nudity. Now it appears that the company has removed a video on breast cancer awareness posted in Sweden after deeming the images offensive, the Swedish Cancer Society said on Thursday. The Guardian reports: The video, displaying animated figures of women with circle-shaped breasts, was aimed at explaining to women how to check for suspicious lumps. Sweden's Cancerfonden said it had tried in vain to contact Facebook, and had decided to appeal against the decision to remove the video. "We find it incomprehensible and strange how one can perceive medical information as offensive," Cancerfonden communications director Lena Biornstad told Agence France-Presse. "This is information that saves lives, which is important for us," she said. "This prevents us from doing so." The Guardian went on to report in a separate article that the Swedish Cancer Society decided to make the round breasts square to evade Facebook's censorship of female anatomy. The group issued an open letter to Facebook featuring a pair of breasts constructed of pink squares as opposed to pink circles. Facebook did apologize for banning the video, saying in a statement to the Guardian: "We're very sorry, our team processes millions of advertising images each week, and in some instances we incorrectly prohibit ads. This image does not violate our ad policies. We apologize for the error and have let the advertiser know we are approving their ads."

Journalists Face Jail Time After Reporting on North Dakota Pipeline Protest

Investigative reporter and co-founder of Democracy Now!, Amy Goodman, is now facing riot charges in the state of North Dakota after her report on a Native American-led pipeline protest there went viral on Facebook. From a TechCrunch report: Democracy Now! issued a statement about the new charges against Goodman late Saturday. Goodman's story, posted to Facebook on September 4th, has been viewed more than 14 million times on the social media platform, Democracy Now! said, and was picked up by mainstream media outlets and networks including CBS, NBC, NPR, CNN, MSNBC and The Huffington Post. Additionally, documentary filmmaker Deia Schlosberg is facing felony and conspiracy charges that could carry a 45-year sentence for filming at the protest, IndieWire reports.

Dropbox, Google Drive, GitHub and Microsoft OneDrive Cloud Services Blocked In Turkey

An anonymous reader quotes the censorship-monitoring site Turkey Blocks: Turkey has blocked access to Dropbox, Microsoft OneDrive and partially restricted Google Drive cloud file sharing services following the leak of a set of private emails allegedly belonging to Minister Albayrak by hacktivist group RedHack. Both Google Drive and Dropbox services were issuing SSL errors, indicating intercepted traffic at the national or ISP level. Microsoft OneDrive was also subsequently blocked off throughout Turkey.
The emails reportedly document Turkey's use of pro-government trolls on Twitter -- though ironically, it's Twitter that's now being used to document the censorship. (GitHub was also blocked last night, according to a status update from the group.) Google Drive was even displaying an official notice from the Turkish government's Information and Communication Technologies Authority describing their block as an "administration measure" -- although another Twitter update this morning says Google Drive is now back online after Google complied with the government's takedown order.
The Internet

As ICANN Gains Full Oversight Of Domain Name System, Some Wonder If It Means the US Has Given Away The Internet

The U.S. has given up its remaining control over the Internet. The formal handover, which took effect on Saturday, followed a last-ditch attempt by a group of Republicans to block the move. They had argued that the US concession would open the door for authoritarian governments to get control of the network of networks, leading to greater censorship. From a BBC report: A judge in Texas has put the kibosh on a last-minute legal attempt to block the controversial decision for the US to give up control of one of the key systems that powers the internet. It's a move being breathlessly described by some as the US "giving up the internet" to the likes of China, Russia and the Middle East. For starters, while they can take the credit for inventing the underlying technology, the US never "had the internet" to begin with. Nobody did. It's a, duh, network. Decentralised. That's what makes it so powerful. But there are bits of internet infrastructure that some people and governments do have control over, and that's what this row is all about. One of them is the DNS - Domain Name System. This is the system for looking after web addresses. Thanks to the DNS, when you type, you're taken to the correct servers for the BBC website. It saves you the grief of having to remember a string of numbers. That pairing of names and numbers is kept in one great big master file, the land registry of the web. The only organisation that can make changes is Icann, the Internet Corporation for Assigned Names and Numbers. As of Saturday 1 October 2016, Icann will no longer be under US government oversight.

Anti-Defamation League Declares Pepe the Frog a Hate Symbol

An anonymous reader quotes a report from TIME: The Anti-Defamation League (ADL) has declared a popular internet meme depicting a cartoon frog to be a hate symbol. Pepe the Frog's beginnings were unoffensive: he is the creation of comic book creator Matt Furie, who featured the frog as a character in the series Boy's Club beginning in 2005. The character subsequently became a beloved meme, often called the "sad frog meme" and shared with a speech bubble reading "Feels good man" or "Feels bad man." But recently, as the Daily Beast reported in May, the character has been co-opted by a faction of Internet denizens who decided to reclaim it from the mainstream, and began sharing it in anti-Semitic contexts. "Images of the frog, variously portrayed with a Hitler-like mustache, wearing a yarmulke or a Klan hood, have proliferated in recent weeks in hateful messages aimed at Jewish and other users on Twitter," the ADL wrote in a statement. "Once again, racists and haters have taken a popular Internet meme and twisted it for their own purposes of spreading bigotry and harassing users," wrote ADL CEO Jonathan A. Greenblatt.

California Enacts Law Requiring IMDb To Remove Actor Ages On Request

California Gov. Jerry Brown on Saturday signed legislation that requires certain entertainment sites, such as IMDb, to remove -- or not post in the first place -- an actor's age or birthday upon request, reports Hollywood Reporter. From the report: The law, which becomes effective Jan. 1, 2017, applies to entertainment database sites that allow paid subscribers to post resumes, headshots or other information for prospective employers. Only a paying subscriber can make a removal or nonpublication request. Although the legislation may be most critical for actors, it applies to all entertainment job categories. "Even though it is against both federal and state law, age discrimination persists in the entertainment industry," Majority Leader Ian Calderon, D-Whittier, said in a statement. "AB 1687 provides the necessary tools to remove age information from online profiles on employment referral websites to help prevent this type of discrimination." Bloomberg columnist Shira Ovide said, "Congratulations, IMDB. You have now become the subject of California law." Slate writer Will Oremus added, "Sometimes I start to think California is not such a bad place and then they go and do something like this."

Krebs Is Back Online Thanks To Google's Project Shield

"After the massive 600gbps DDOS attack on that forced Akamai to withdraw their (pro-bono) DDOS protection, is now back online, hosted by Google," reports Slashdot reader Gumbercules!!.

"I am happy to report that the site is back up -- this time under Project Shield, a free program run by Google to help protect journalists from online censorship," Brian Krebs wrote today, adding "The economics of mitigating large-scale DDoS attacks do not bode well for protecting the individual user, to say nothing of independent journalists...anyone with an axe to grind and the willingness to learn a bit about the technology can become an instant, self-appointed global censor." [T]he Internet can't route around censorship when the censorship is all-pervasive and armed with, for all practical purposes, near-infinite reach and capacity. I call this rather unwelcome and hostile development the "The Democratization of Censorship...." [E]vents of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach...

Akamai and its sister company Prolexic have stood by me through countless attacks over the past four years. It just so happened that this last siege was nearly twice the size of the next-largest attack they had ever seen before. Once it became evident that the assault was beginning to cause problems for the company's paying customers, they explained that the choice to let my site go was a business decision, pure and simple... In an interview with The Boston Globe, Akamai executives said the attack -- if sustained -- likely would have cost the company millions of dollars.

One site told Krebs that Akamai-style protection would cost him $150,000 a year. "Ask yourself how many independent journalists could possibly afford that kind of protection money?" He suspects the attack was a botnet of enslaved IoT devices -- mainly cameras, DVRs, and routers -- but says the situation is exacerbated by the failure of many ISPs to implement the BCP38 security standard to filter spoofed traffic, "allowing systems on their networks to be leveraged in large-scale DDoS attacks... the biggest offenders will continue to fly under the radar of public attention unless and until more pressure is applied by hardware and software makers, as well as ISPs that are doing the right thing... What appears to be missing is any sense of urgency to address the DDoS threat on a coordinated, global scale."
United States

U.S. Funds Challenges To North Korea's 'Information Shield'

The U.S. State Department is pursuing "a detailed plan for making unrestricted, unmonitored, and inexpensive electronic mass communications available to the people of North Korea." Slashdot reader Greg Jones reports: Plenty of government-designed "information" flows out of North Korea. At One Free Korea Joshua Stanton reports that the U.S. State Department just announced a new grant program for information technology solutions to punch through the wall that prevents the free flow of information into North Korea.
"Those of us who wrote and negotiated the [North Korea Sanctions and Policy Enhancement Act] were equally concerned with direct engagement of the North Korean people..." Stanton writes on his blog, reporting that there's now grants available to fund multiple projects. "If you have the technical knowledge to make this a reality, or know a place online where people with those talents congregate, please share and repost this solicitation and help spread the word."

Why the Silencing of KrebsOnSecurity Opens a Troubling Chapter For the Internet

An anonymous reader quotes a report from Ars Technica: For the better part of a day, KrebsOnSecurity, arguably the world's most intrepid source of security news, has been silenced, presumably by a handful of individuals who didn't like a recent series of exposes reporter Brian Krebs wrote. The incident, and the record-breaking data assault that brought it on, open a troubling new chapter in the short history of the Internet. The crippling distributed denial-of-service attacks started shortly after Krebs published stories stemming from the hack of a DDoS-for-hire service known as vDOS. The first article analyzed leaked data that identified some of the previously anonymous people closely tied to vDOS. It documented how they took in more than $600,000 in two years by knocking other sites offline. A few days later, Krebs ran a follow-up piece detailing the arrests of two men who allegedly ran the service. A third post in the series is here. On Thursday morning, exactly two weeks after Krebs published his first post, he reported that a sustained attack was bombarding his site with as much as 620 gigabits per second of junk data. That staggering amount of data is among the biggest ever recorded. Krebs was able to stay online thanks to the generosity of Akamai, a network provider that supplied DDoS mitigation services to him for free. The attack showed no signs of waning as the day wore on. Some indications suggest it may have grown stronger. At 4 pm, Akamai gave Krebs two hours' notice that it would no longer assume the considerable cost of defending KrebsOnSecurity. Krebs opted to shut down the site to prevent collateral damage hitting his service provider and its customers. The assault against KrebsOnSecurity represents a much greater threat for at least two reasons. First, it's twice the size. 
Second and more significant, unlike the Spamhaus attacks, the staggering volume of bandwidth doesn't rely on misconfigured domain name system servers which, in the big picture, can be remedied with relative ease. The attackers used Internet-of-things devices since they're always-connected and easy to "remotely commandeer by people who turn them into digital cannons that spray the internet with shrapnel." "The biggest threats as far as I'm concerned in terms of censorship come from these ginormous weapons these guys are building," Krebs said. "The idea that tools that used to be exclusively in the hands of nation states are now in the hands of individual actors, it's kind of like the specter of a James Bond movie." While Krebs could retain a DDoS mitigation service, it would cost him between $100,000 and $200,000 per year for the type of protection he needs, which is more than he can afford. What's especially troubling is that this attack can happen to many other websites, not just KrebsOnSecurity.
Social Networks

Facebook's Sheryl Sandberg On 'Napalm Girl' Photo: 'We Don't Always Get it Right'

Facebook will learn from a mistake it made by deleting a historic Vietnam war photo of a naked girl fleeing a napalm attack, said Sheryl Sandberg, the company's chief operating officer. The photograph was removed from several accounts on Friday, including that of the Norwegian prime minister, Erna Solberg, on the grounds that it violated Facebook's restrictions on nudity. It was reinstated after Solberg accused Facebook of censorship and of editing history, The Guardian reports. From the article: "These are difficult decisions and we don't always get it right," Sandberg wrote in a letter to the prime minister, obtained by Reuters on Monday under Norway's freedom of information rules. "Even with clear standards, screening millions of posts on a case-by-case basis every week is challenging," Sandberg wrote. "Nonetheless, we intend to do better. We are committed to listening to our community and evolving. Thank you for helping us get this right," she wrote. She said the letter was a sign of "how seriously we take this matter and how we are handling it."

Instagram Rolls Out 'Keyword Moderation Tool' That Will Filter Out Offensive Comments

In an effort to "promote a culture where everyone feels safe to be themselves without criticism or harassment," Instagram has introduced today a "keyword moderation tool" that anyone can use to block offensive or inappropriate words. Mac Rumors reports: Referred to as a "keyword moderation tool," the feature will let each user type in words they find to be offensive, effectively hiding any mention of them in the comment section of their posts. The comments containing the harsh language will still be available for other Instagram users, but the company believes that allowing each user to determine which words to hide from their personal collection of photos will cultivate a "positive and safe" environment. To deal with abusive accounts, Instagram already lets users swipe to delete comments, report inappropriate comments and block accounts.

Facebook Is Collaborating With The Israeli Government To Determine What Should Be Censored

An anonymous reader quotes a report from ABC News: The Israeli government and Facebook agreed to work together to determine how to tackle incitement on the social media network, a senior Israeli Cabinet minister said Monday. The announcement came after two government ministers met top Facebook officials to discuss the matter. The Facebook delegation is in Israel as the government pushes ahead with legislative steps meant to force social networks to rein in content that Israel says incites violence. Israel has argued that a wave of violence with the Palestinians over the past year has been fueled by incitement, much of it spread on social media sites. It has repeatedly said that Facebook should do more to monitor and control the content, raising a host of legal and ethical issues over whether the company is responsible for material posted by its users. Both Public Security Minister Gilad Erdan and Justice Minister Ayelet Shaked, two key figures in Israel's battle against the alleged online provocations, participated in Monday's meeting. Erdan's office said they agreed with Facebook representatives to create teams that would figure out how best to monitor and remove inflammatory content, but did not elaborate further. Erdan and Shaked have proposed legislation that seeks to force social networks to remove content that Israel considers to be incitement. An opposition lawmaker has also proposed a bill seeking to force social networks to self-monitor or face a fine. Facebook said in a statement "online extremism can only be tackled with a strong partnership between policymakers, civil society, academia and companies, and this is true in Israel and around the world." The company did also say that its community standards "make it clear there is no place for terrorists or content that promotes terrorism on Facebook."
ABC News reports that "over the past four months Israel submitted 158 requests to Facebook to remove inciting content and another 13 requests to YouTube," according to Shaked. "She said Facebook granted some 95 percent of the requests and YouTube granted 80 percent." All of this adds to the censorship controversy that is currently surrounding Facebook. Last week, Norway's largest newspaper accused Mark Zuckerberg of abusing power after his company decided to censor a historic photograph of the Vietnamese "Napalm Girl," claiming it violated the company's ban on "child nudity."
