At least one company is ready to follow Google’s stance on doing business in China: GoDaddy.
During a congressional hearing later today to discuss Internet freedom and China, GoDaddy executives plan to announce that they will stop registering domain names in China in response to a new government policy that requires extensive information about registrants, according to The Washington Post. Starting last December, individuals and businesses that wished to register a .cn domain name were being asked to submit a photograph of themselves as well as a serial number identifying their business license in China.
“This is the first time a registry has asked us to retroactively obtain additional verification and documentation of individuals who have registered a domain name through our company,” Christine Jones, general counsel at GoDaddy, said in a copy of her prepared remarks provided by GoDaddy. The company will continue to manage existing registrations but will no longer offer new .cn domain names, she said.
Jones also told the committee that GoDaddy has faced increased numbers of DDoS (Distributed Denial of Service) attacks since the beginning of the year. “In the first three months of this year, we have repelled dozens of extremely serious DDoS attacks that appear to have originated in China, based on the IP addresses from which the attacks derived. Had our security systems not countered these attacks, the result would have been a widespread take-down of our customers’ hosted Web sites,” Jones said in her prepared testimony.
Google’s Alan Davidson, director of public policy, also plans to speak before the hearing, coming two days after Google announced its decision to move its Chinese-language search engine from mainland China to Hong Kong in order to bypass government laws on Internet censorship.
“Internet censorship is a challenge that no particular industry–much less any single company–can tackle on its own,” Davidson plans to say during his testimony, according to a copy of his prepared remarks posted on Google’s public policy blog. “However, we believe concerted, collective action by governments, companies and individuals can help promote online free expression and reduce the impact of censorship.”
For the most part, U.S. companies have reiterated plans to stay in China and adhere to their laws following Google’s initial announcement in January and subsequent moves this week. Earlier this year, Secretary of State Hillary Clinton urged companies to do their part in pressuring governments to open up the Internet to their citizens, but many companies feel the issue is much more properly dealt with at the national level, according to trade group representatives.
Source: http://dosarrest.com/news/79-godaddy.html
The Electronic Frontier Foundation got its hand on documents on federal law enforcement approaches to gathering data on Facebook and other social networks. But just how far should the FBI and other police agencies go in using those sites to collect data?
Reports law enforcement agencies use social networking sites like Facebook for investigations has touched a nerve with some, but opinions are divided as to whether lines are being crossed.
The discussion was put into focus today with the release of a U.S. Department of Justice (DOJ) document touching on the use of social networking sites by law enforcement agencies conduct undercover operations and obtain evidence – including through the use of fake user profiles. The 33-page document (PDF) was turned over to the Electronic Frontier Foundation (EFF) after the digital privacy watchdog group sued the DOJ for information about the department’s use of social networking sites for federal investigations.
The EFF also got its hands on information about a 2009 training course that describes how IRS employees can use social networking sites and tools like Google Street View to investigate taxpayers.
The idea of the government using the Web as an investigative tool should surprise few; for example, in the case described here, investigators went undercover online to catch a suspected sexual predator. But deciding where the between privacy and surveillance should be drawn and possibly crossed can be tougher questions.
“Where it gets a bit iffy to me from a privacy perspective are private profiles,” said Shawn Moyer, principal security consultant at FishNet. “For example, my Facebook profile is private – so if you pretend to be someone I know so I that I add you to my network, and then monitor activity in my private profile, that seems like it wouldn’t be in line with the same kind of intelligence gathering as say, monitoring a public place of business. In the case of in real life undercover activity, there are lots of procedural rules around how and when law enforcement performs an impersonation, but for a social network impersonation the barrier of entry is obviously very low, so any agent with a computer and an account could take on a persona.”For its part, Facebook says it regularly works with law enforcement agencies investigating criminal activity.
“We have developed materials to help officials understand Facebook and the proper ways to request information from Facebook to aid investigations,” Facebook spokesman Andrew Noyes told eWEEK. “We scrutinize every single law enforcement request; require a detailed description of why the request is being made; and if it is deemed appropriate, share only the minimum amount of information. We strive to respect the balance between law enforcement’s need for information and the privacy rights of our users, and as a responsible company we adhere to the letter of the law.”
“It is possible that the accounts of undercover officers would be disabled in our regular checks for fake accounts,” he said. “However, we don’t have any prior knowledge that they are undercover officers or any way to distinguish these accounts that we may detect from other fake accounts.”
With the exception of Twitter’s ‘Verified Accounts’ feature, social networks don’t really have a feasible way to prove a user’s identityas it is, Moyer noted.
“Most sites do state in their terms of service that you can’t use the network for willfull impersonation and things along that line, but it’s demonstrably unenforceable since so many accounts of that type exist, and no real method to verify identities is in place,” Moyer said. “That said, I’d bet a savvy defense lawyer could use the Terms of Service and the fact that law enforcement specifically targeted someone as grounds to get social network data thrown out of court.”
There are certainly jurisdictional and constitutional issues online, noted Jerry Dixon, who formerly served as executive director of the National Cyber Security Division (NCSD) of the U.S. Department of Homeland Security. If it’s a targeted investigation, then undercover operations online have judicial oversight just like they do on the street, he explained.
“At a minimum, most police departments also have set procedures for how undercover work is to be carried out,” said Dixon, who now works as director of analysis for Team Cymru. “They need to have the same for online undercover operations specific to social networking sites. The other angle to consider is that if someone accepts a friend request from someone they really don’t know they are allowing law enforcement to be a party to the conversation meaning status updates, posts, and the like are fair game.”
“The key to this is making sure you have a magistrate or judge that is providing judicial oversight,” he continued. “People put themselves at risk also to discovery in civil or criminal cases too since that information can be gathered through court orders as well. No different than discovery done with EZ-Pass or cell phone records. When you put lots of pictures, information, and your business associates online you’re accepting a degree of risk.”
Source: http://www.eweek.com/By: Brian Prince
Electronic Sports League Suffers From DDOS Attacks
March 6, 2010
The Electronic Sports League has issued a statement to address recent problems in their network caused by a DDOS attack.
The ESL claims their Extreme Masters World Finals have been under attack by a malicious botnet from over a thousand IP’s.
“Since yesterday, we have been under attack by a malicious bot net. More than 1,000 IPs constantly flooded our data lines. For events of this size, we employ two redundant firewalls for our 100 MBit hard line by the German Telekom.
While our firewalls were able to block the incoming packets, the sheer amount of packet flood completely filled up the internet connection leading to our hall. You can see this on the attached graphs showing when the attacks happened today and their ferocity. This made it impossible to log on to the online parts of World of Warcraft, Counter-Strike and Quake Live, causing both drops and lags, and thus a tremendous amount of delay.
Unfortunately, just like on the streets, you can never be completely safe from criminals seeking to disturb and profit off of the general public. Still, we are constantly working on countering all attacks together with Deutsche Telekom and CeBIT organizer Deutsche Messe AG. Now, late on Wednesday we have been successful, so that World of Warcraft and Counter-Strike 1.6 are back on track and Quake Live can be resumed tomorrow.
Make no mistake: Making the tournament run smoothly and ensuring a consistent, high-quality coverage is our highest priority.” - Björn Metzdorf, Director IT
Days one and two of these “Extreme Masters World Finals” experience huge delays in all tournaments, with some matches being delayed up to 6 hours.
With Tournaments now reaching their later stages, with most matches taking place on the main stage (where these problems did not occur) thing are now expected to continue smoothly.
These guys should have used DOSarrest!
