Just last month Brian Krebs wrote "What appears to be missing is any sense of urgency to address the DDoS threat on a coordinated, global scale," warning that countless ISPs still weren't implementing the BCP38 security standard, which was released "more than a dozen years ago" to filter spoofed traffic. That's one possible solution, but Slashdot reader dgallard suggests the PEIP and Fair Service proposals by Don Cohen: PEIP (Path Enhanced IP) extends the IP protocol to enable determining the router path of packets sent to a target host. Currently, there is no information to indicate which routers a packet traversed on its way to a destination (DDOS target), enabling use of forged source IP addresses to attack the target via packet flooding... Rather than attempting to prevent attack packets, instead PEIP provides a way to rate-limit all packets based on their router path to a destination.
I've also heard people suggest "just unplug everything," but on Friday the Wall Street Journal's Christopher Mim suggested another point of leverage, tweeting "We need laws that allow civil and/or criminal penalties for companies that sell systems this insecure." Is the best solution technical or legislative -- and does it involve hardware or software? Leave your best thoughts in the comments. How can we prevent packet-flooding DDOS attacks?

"Wondering which IoT device types are part of the Mirai botnet causing trouble today? Brian Krebs has the list," tweeted Trend Micro's Eric Skinner Friday, sharing an early October link which identifies Panasonic, Samsung and Xerox printers, and lesser known makers of routers and cameras. An anonymous reader quotes Fortune: Part of the responsibility should also lie with lawmakers and regulators, who have failed to create a safety system to account for the Internet-of-Things era we are now living in. Finally, it's time for consumers to acknowledge they have a role in the attack too. By failing to secure the internet-connected devices, they are endangering not just themselves but the rest of the Internet as well.
If you're worried, Motherboard is pointing people to an online scanning tool from BullGuard (a U.K. anti-virus firm) which checks whether devices on your home network are listed in the Shodan search engine for unsecured IoT devices. But earlier this month, Brian Krebs pointed out the situation is exacerbated by the failure of many ISPs to implement the BCP38 security standard to filter spoofed traffic, "allowing systems on their networks to be leveraged in large-scale DDoS attacks..."

Her video went viral, viewed more than 14 million times, and triggering concerns online when she was threatened with prison. But a North Dakota judge "refused to authorize riot charges against award-winning journalist Amy Goodman for her reporting on an attack against Native American-led anti-pipeline protesters." An anonymous Slashdot reader quotes NBC News: Goodman described the victory as a "great vindication of the First Amendment," although McLean County State's Attorney Ladd Erickson told The New York Times that additional charges were possible. "I believe they want to keep the investigation open and see if there is any evidence in the unedited and unpublished videos that we could better detail in an affidavit for the judge," Erickson told the newspaper.
The native Americans "were attempting to block the destruction of sacred sites, including ancestral burial grounds," according to a new article co-authored by Goodman about her experiences, which argues that "Attempts to criminalize nonviolent land and water defenders, humiliate them and arrest journalists should not pave the way for this pipeline."

Last month, Facebook deleted a historic Vietnam war photo of a naked girl fleeing a napalm attack, claiming it violated Facebook's restrictions on nudity. Now it appears that the company has removed a video on breast cancer awareness posted in Sweden after deeming the images offensive, the Swedish Cancer Society said on Thursday. The Guardian reports: The video, displaying animated figures of women with circle-shaped breasts, was aimed at explaining to women how to check for suspicious lumps. Sweden's Cancerfonden said it had tried in vain to contact Facebook, and had decided to appeal against the decision to remove the video. "We find it incomprehensible and strange how one can perceive medical information as offensive," Cancerfoden communications director Lena Biornstad told Agence France-Presse. "This is information that saves lives, which is important for us," she said. "This prevents us from doing so." The Guardian went on to report in a separate article that the the Swedish Cancer Society decided to make the round breasts square to evade Facebook's censorship of female anatomy. The group issued an open letter to Facebook featuring the pair of pair of breasts constructed of pink squares as opposed to pink circles. Facebook did apologize for banning the video, saying in a statement to the Guardian: "We're very sorry, our team processes millions of advertising images each week, and in some instances we incorrectly prohibit ads. This image does not violate our ad policies. We apologize for the error and have let the advertiser know we are approving their ads."

Investigative reporter and co-founder of Democracy Now!, Amy Goodman, is now facing riot charges in the state of North Dakota after her report on a Native American-led pipeline protest there went viral on Facebook. From a TechCrunch report:Democracy Now! issued a statement about the new charges against Goodman late Saturday. Goodman's story, posted to Facebook on September 4th, has been viewed more than 14 million times on the social media platform, Democracy Now! said, and was picked up by mainstream media outlets and networks including CBS, NBC, NPR, CNN, MSNBC and The Huffington Post. Additionally, documentary filmmaker Deia Schlosberg, is facing felony and conspiracy charges that could carry a 45-year sentence for filming at the protest, IndieWire reports.

An anonymous reader quotes the censorship-monitoring site Turkey Blocks: Turkey has blocked access to Dropbox, Microsoft OneDrive and partially restricted Google Drive cloud file sharing services following the leak of a set of private emails allegedly belonging to Minister Albayrak by hacktivist group RedHack. Both Google Drive and Dropbox services were issuing SSL errors, indicating intercepted traffic at the national or ISP level. Microsoft OneDrive was also subsequently blocked off throughout Turkey.
The emails reportedly document Turkey's use of pro-government trolls on Twitter -- though ironically, it's Twitter that's now being used to document the censorship. (GitHub was also blocked last night, according to a status update from the group.) Google Drive was even displaying an official notice from the Turkish government's Information and Communication Technologies Authority describing their block as an "administration measure" -- although another Twitter update this morning says Google Drive is now back online after Google complied with the government's takedown order.

The U.S. has given up its remaining control over the Internet. The formal handover, which took effect on Saturday, followed a last-ditch attempt by a group of Republicans to block the move. They had argued that the US concession would open the door for authoritarian governments get control of the network of networks, leading to greater censorship. From a BBC report:A judge in Texas has put the kibosh on a last-minute legal attempt to block the controversial decision for the US to give up control of one of the key systems that powers the internet. It's a move being breathlessly described by some as the US "giving up the internet" to the likes of China, Russia and the Middle East. For starters, while they can take the credit for inventing the underlying technology, the US never "had the internet" to begin with. Nobody did. It's a, duh, network. Decentralised. That's what makes it so powerful. But there are bits of internet infrastructure that some people and governments do have control over, and that's what this row is all about. One of them is the DNS - Domain Name System. This is the system for looking after web addresses. Thanks to the DNS, when you type bbc.com, you're taken to the correct servers for the BBC website. It saves you the grief of having to remember a string of numbers. That pairing of names and numbers is kept in one great big master file, the land registry of the web. The only organisation that can make changes is Icann, the Internet Corporation for Assigned Names and Numbers. As of Saturday 1 October 2016, Icann will no longer be under US government oversight.

An anonymous reader quotes a report from TIME: The Anti-Defamation League (ADL) has declared a popular internet meme depicting a cartoon frog to be a hate symbol. Pepe the Frog's beginnings were unoffensive: he is the creation of comic book creator Matt Furie, who featured the frog as a character in the series Boy's Club beginning in 2005. The character subsequently became a beloved meme, often called the "sad frog meme" and shared with a speech bubble reading "Feels good man" or "Feels bad man." But recently, as the Daily Beast reported in May, the character has been co-opted by a faction of Internet denizens who decided to reclaim it from the mainstream, and began sharing it in anti-Semitic contexts. "Images of the frog, variously portrayed with a Hitler-like mustache, wearing a yarmulke or a Klan hood, have proliferated in recent weeks in hateful messages aimed at Jewish and other users on Twitter," the ADL wrote in a statement. "Once again, racists and haters have taken a popular Internet meme and twisted it for their own purposes of spreading bigotry and harassing users," wrote ADL CEO Jonathan A. Greenblatt.

California Gov. Jerry Brown on Saturday signed legislation that requires certain entertainment sites, such as IMDb, to remove -- or not post in the first place -- an actor's age or birthday upon request, reports Hollywood Reporter. From the report: The law, which becomes effective Jan. 1, 2017, applies to entertainment database sites that allow paid subscribers to post resumes, headshots or other information for prospective employers. Only a paying subscriber can make a removal or nonpublication request. Although the legislation may be most critical for actors, it applies to all entertainment job categories. "Even though it is against both federal and state law, age discrimination persists in the entertainment industry," Majority Leader Ian Calderon, D-Whittier, said in a statement. "AB 1687 provides the necessary tools to remove age information from online profiles on employment referral websites to help prevent this type of discrimination."Bloomberg columnist, Shira Ovide said, "Congratulations, IMDB. You have now become the subject of California law." Slate writer Will Oremus added, "Sometimes I start to think California is not such a bad place and then they go and do something like this."

"After the massive 600gbps DDOS attack on KrebsOnSecurity.com that forced Akamai to withdraw their (pro-bono) DDOS protection, krebsonsecurity.com is now back online, hosted by Google," reports Slashdot reader Gumbercules!!.

"I am happy to report that the site is back up -- this time under Project Shield, a free program run by Google to help protect journalists from online censorship," Brian Krebs wrote today, adding "The economics of mitigating large-scale DDoS attacks do not bode well for protecting the individual user, to say nothing of independent journalists...anyone with an axe to grind and the willingness to learn a bit about the technology can become an instant, self-appointed global censor." [T]he Internet can't route around censorship when the censorship is all-pervasive and armed with, for all practical purposes, near-infinite reach and capacity. I call this rather unwelcome and hostile development the "The Democratization of Censorship...." [E]vents of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach...

Akamai and its sister company Prolexic have stood by me through countless attacks over the past four years. It just so happened that this last siege was nearly twice the size of the next-largest attack they had ever seen before. Once it became evident that the assault was beginning to cause problems for the company's paying customers, they explained that the choice to let my site go was a business decision, pure and simple... In an interview with The Boston Globe, Akamai executives said the attack -- if sustained -- likely would have cost the company millions of dollars.
One site told Krebs that Akamai-style protection would cost him $150,000 a year. "Ask yourself how many independent journalists could possibly afford that kind of protection money?" He suspects the attack was a botnet of enslaved IoT devices -- mainly cameras, DVRs, and routers -- but says the situation is exacerbated by the failure of many ISPs to implement the BCP38 security standard to filter spoofed traffic, "allowing systems on their networks to be leveraged in large-scale DDoS attacks... the biggest offenders will continue to fly under the radar of public attention unless and until more pressure is applied by hardware and software makers, as well as ISPs that are doing the right thing... What appears to be missing is any sense of urgency to address the DDoS threat on a coordinated, global scale."

The U.S. State Department is pursuing "a detailed plan for making unrestricted, unmonitored, and inexpensive electronic mass communications available to the people of North Korea." Slashdot reader Greg Jones reports: Plenty of government-designed "information" flows out of North Korea. At One Free Korea Joshua Stanton reports that the U.S. State Department just announced a new grant program for information technology solutions to punch through the wall that prevents the free flow of information into North Korea.
"Those of us who wrote and negotiated the [North Korea Sanctions and Policy Enhancement Act] were equally concerned with direct engagement of the North Korean people..." Stanton writes on his blog, reporting that there's now grants available to fund multiple projects. "If you have the technical knowledge to make this a reality, or know a place online where people with those talents congregate, please share and repost this solicitation and help spread the word."

An anonymous reader quotes a report from Ars Technica: For the better part of a day, KrebsOnSecurity, arguably the world's most intrepid source of security news, has been silenced, presumably by a handful of individuals who didn't like a recent series of exposes reporter Brian Krebs wrote. The incident, and the record-breaking data assault that brought it on, open a troubling new chapter in the short history of the Internet. The crippling distributed denial-of-service attacks started shortly after Krebs published stories stemming from the hack of a DDoS-for-hire service known as vDOS. The first article analyzed leaked data that identified some of the previously anonymous people closely tied to vDOS. It documented how they took in more than $600,000 in two years by knocking other sites offline. A few days later, Krebs ran a follow-up piece detailing the arrests of two men who allegedly ran the service. A third post in the series is here. On Thursday morning, exactly two weeks after Krebs published his first post, he reported that a sustained attack was bombarding his site with as much as 620 gigabits per second of junk data. That staggering amount of data is among the biggest ever recorded. Krebs was able to stay online thanks to the generosity of Akamai, a network provider that supplied DDoS mitigation services to him for free. The attack showed no signs of waning as the day wore on. Some indications suggest it may have grown stronger. At 4 pm, Akamai gave Krebs two hours' notice that it would no longer assume the considerable cost of defending KrebsOnSecurity. Krebs opted to shut down the site to prevent collateral damage hitting his service provider and its customers. The assault against KrebsOnSecurity represents a much greater threat for at least two reasons. First, it's twice the size. Second and more significant, unlike the Spamhaus attacks, the staggering volume of bandwidth doesn't rely on misconfigured domain name system servers which, in the big picture, can be remedied with relative ease. The attackers used Internet-of-things devices since they're always-connected and easy to "remotely commandeer by people who turn them into digital cannons that spray the internet with shrapnel." "The biggest threats as far as I'm concerned in terms of censorship come from these ginormous weapons these guys are building," Krebs said. "The idea that tools that used to be exclusively in the hands of nation states are now in the hands of individual actors, it's kind of like the specter of a James Bond movie." While Krebs could retain a DDoS mitigation service, it would cost him between $100,000 and $200,000 per year for the type of protection he needs, which is more than he can afford. What's especially troubling is that this attack can happen to many other websites, not just KrebsOnSecurity.

Facebook will learn from a mistake it made by deleting a historic Vietnam war photo of a naked girl fleeing a napalm attack, said Sheryl Sandberg, the company's chief operating officer. The photograph was removed from several accounts on Friday, including that of the Norwegian prime minister, Erna Solberg, on the grounds that it violated Facebook's restrictions on nudity. It was reinstated after Solberg accused Facebook of censorship and of editing history, The Guardian reports. From the article:"These are difficult decisions and we don't always get it right," Sandberg wrote in a letter to the prime minister, obtained by Reuters on Monday under Norway's freedom of information rules. "Even with clear standards, screening millions of posts on a case-by-case basis every week is challenging," Sandberg wrote. "Nonetheless, we intend to do better. We are committed to listening to our community and evolving. Thank you for helping us get this right," she wrote. She said the letter was a sign of "how seriously we take this matter and how we are handling it."

In an effort to "promote a culture where everyone feels safe to be themselves without criticism or harassment," Instagram has introduced today a "keyword moderation tool" that anyone can use to block offensive or inappropriate words. Mac Rumors reports: Referred to as a "keyword moderation tool," the feature will let each user type in words they find to be offensive, effectively hiding any mention of them in the comment section of their posts. The comments containing the harsh language will still be available for other Instagram users, but the company believes that allowing each user to determine which words to hide from their personal collection of photos will cultivate a "positive and safe" environment. To deal with abusive accounts, Instagram already lets users swipe to delete comments, report inappropriate comments and block accounts.

An anonymous reader quotes a report from ABC News: The Israeli government and Facebook agreed to work together to determine how to tackle incitement on the social media network, a senior Israeli Cabinet minister said Monday. The announcement came after two government ministers met top Facebook officials to discuss the matter. The Facebook delegation is in Israel as the government pushes ahead with legislative steps meant to force social networks to rein in content that Israel says incites violence. Israel has argued that a wave of violence with the Palestinians over the past year has been fueled by incitement, much of it spread on social media sites. It has repeatedly said that Facebook should do more to monitor and control the content, raising a host of legal and ethical issues over whether the company is responsible for material posted by its users. Both Public Security Minister Gilad Erdan and Justice Minister Ayelet Shaked, two key figures in Israel's battle against the alleged online provocations, participated in Monday's meeting. Erdan's office said they agreed with Facebook representatives to create teams that would figure out how best to monitor and remove inflammatory content, but did not elaborate further. Erdan and Shaked have proposed legislation that seeks to force social networks to remove content that Israel considers to be incitement. An opposition lawmaker has also proposed a bill seeking to force social networks to self-monitor or face a fine. Facebook said in a statement "online extremism can only be tackled with a strong partnership between policymakers, civil society, academia and companies, and this is true in Israel and around the world." The company did also say that its community standards "make it clear there is non place for terrorists or content that promotes terrorism on Facebook." ABC News reports that "over the past four months Israel submitted 158 requests to Facebook to remove inciting content and another 13 requests to YouTube," according to Shaked. "She said Facebook granted some 95 percent of the requests and YouTube granted 80 percent." All of this adds to the censorship controversy that is currently surrounding Facebook. Last week, Norway's largest newspaper accused Mark Zuckerberg of abusing power after his company decided to censor a historic photograph of the Vietnamese "Napalm Girl," claiming it violated the company's ban on "child nudity."

"Keeping your enemies offline can cripple their chances of overthrowing you," reports the MIT Technology Review. Slashdot reader schwit1 quotes their article: Whether or not your ethnic group has political power is a crucial factor determining your access to the Internet, according to a new analysis. The effect varies from country to country, and is much less pronounced in democratic nations. But the study, published today in Science, suggests that besides censorship, another way national governments prevent opposing groups from organizing online is by denying them Internet access in the first place, says Nils Weidmann, a professor of political science at the University of Konstanz in Germany.
Researchers used a geolocation database to create a map showing subnetwork activity for a large volume of internet traffic, then compared it with geographic data for the world's ethnic groups. "They concluded that excluded groups had significantly lower access compared to the groups in power, and that this can't be explained by other economic or geographic factors (like living in rural vs. urban areas)... 'You don't have to censor if the opposition doesn't get access at all.' "

An anonymous reader quotes a report from The Verge: The Cuban government is blocking text messages that contain words such as "democracy," "human rights," and "hunger strike," according to an investigation from local dissidents. In a Spanish-language report published last week, prominent blogger Yoani Sanchez and journalist Reinaldo Escobar found that the government is filtering 30 keywords and blocking the transmission of any texts that contain them. Reuters later confirmed that messages containing the Spanish words for "democracy" and "human rights" did not reach their destination, nor did those containing Sanchez's name or "Somos Mas": an opposition group that worked on the investigation. Texts that included the word "protest" were transmitted, the agency reported on Tuesday, and those that were blocked were marked as "sent" on the sender's phone. It's not clear how long the communist government has been filtering keywords and blocking texts, and activists suspect that there may be more terms that it is targeting. Cuba has long been accused of committing human rights abuses, including arbitrary detentions and restrictions on freedom of speech. "We discovered not just us but the entire country is being censored," Eliecer Avila, the head of Somos Mas, tells Reuters. "It just shows how insecure and paranoid the government is."

Striek writes: "On Wednesday, several YouTube creators posted videos that voiced concerns over the platform's process of demonetizing videos for not being friendly to advertisers," reports Daily Dot. Many YouTube creators have similar concerns that no, this isn't censorship in the strictest sense, but that YouTube owes its users a better commitment to free speech than most private companies due to its dominant marketplace position. Its criteria for videos being "advertiser-friendly" is also incredibly vague or restrictive, or both. The Daily Dot reports: "Content that is considered inappropriate for advertising includes: Sexually suggestive content, including partial nudity and sexual humor; Violence, including display of serious injury and events related to violent extremism; Inappropriate language, including harassment, profanity and vulgar language; Promotion of drugs and regulated substances, including selling, use and abuse of such items; Controversial or sensitive subjects and events, including subjects related to war, political conflicts, natural disasters and tragedies, even if graphic imagery is not shown." You read that right -- any YouTube video covering any war or natural disaster is considered inappropriate for advertising, which essentially includes all news and current events shows. This might not seem like a big deal to many people, but it would be, if you made your living creating YouTube videos. So while technically not censorship, many people are arguing YouTube has gone a few steps too far with this, and are likewise worried that this will be too selectively enforced. justthinkit adds: On August 31, 2016, YouTube demonetized videos for reasons that appear to punish those who attack "Social Justice Warriors" and the mainstream media. Philip DeFranco has spoken out about it and hinted he may have to move to other video platforms. Is this an issue most should care about or is it merely a first world problem? The reason this is a story is because YouTube has "recently improved the notification and appeal process to ensure better communication." What this means is YouTube has been making users more aware of the issue with language or content, and the chance to appeal a demonetized video. What has upset many creators is the fact that the company has been demonetizing videos without telling the creators. YouTube has only recently started telling partners what is going on. In addition, there has been a discrepancy as to which channels/networks have been demonetized. For example, while one YouTube creator may be reporting on a current event that isn't "advertiser-friendly" and has been denied monetization as a result, another YouTube creator via a large network like CNN may be covering the same current event but be allowed monetization.

An anonymous reader quotes a report from Electronic Frontier Foundation: U.S. border control agents want to gather Facebook and Twitter identities from visitors from around the world. But this flawed plan would violate travelers' privacy, and would have a wide-ranging impact on freedom of expression -- all while doing little or nothing to protect Americans from terrorism. A proposal has been issued by U.S. Customs and Border Protection to collect social media handles from visitors to the United States from visa waiver countries. The Electronic Frontier Foundation opposes the proposal and has commented on it individually and as part of a larger coalition. "CBP specifically seeks 'information associated with your online presence -- Provider/Platform -- Social media identifier' in order to provider DHS 'greater clarity and visibility to possible nefarious activity and connections' for 'vetting purposes,'" reports EFF. "In our comments, we argue that would-be terrorists are unlikely to disclose social media identifiers that reveal publicly available posts expressing support for terrorism." They say this plan "would unfairly violate the privacy of innocent travelers," would cause "innocent travelers" to "engage in self-censorship, cutting back on their online activity out of fear of being wrongly judged by the U.S. government," and would lead to a "slippery slope, where CBP would require U.S. citizens and residents returning home to disclose their social media handles, or subject both foreign visitors and U.S. persons to invasive device searches at ports of entry with the intent of easily accessing any and all cloud data."

Twitter just began rolling out "new ways to control your experience," promising the two new features "will give you more control over what you see and who you interact with on Twitter." An anonymous Slashdot reader quotes a report from Wired UK: First up, notification settings will allow those using Twitter on the web or on desktop to limit the notifications they receive for @ mentions, RTs, and other interactions to just be from people they follow. The feature can be turned on through the notifications tab. Twitter is also expanding its quality filter -- also accessible through notifications. "When turned on, the filter can improve the quality of Tweets you see by using a variety of signals, such as account origin and behavior," the company's product manager Emil Leong said in a blog post.

In December 2015, the company changed its rules to explicitly ban "hateful conduct" for the first time, while back in February last year, Twitter's then-CEO Dick Costolo admitted the network needed to improve how it handled trolls and abuse. In a leaked memo he said: "I'm frankly ashamed of how poorly we've dealt with this issue during my tenure as CEO. It's absurd. There's no excuse for it. I take full responsibility for not being more aggressive on this front. It's nobody else's fault but mine, and it's embarrassing."
Meanwhile, the Twitter account of Wikipedia co-founder Jimmy Wales was hacked on Saturday.