Hacking

SPOTLIGHT ON SECURITY

SOPA Backpedaling Has InfoSec Boffins Breathing Easier

As far as SOPA’s critics are concerned, “if something works, break it” seemed to be the motto of the U.S. Congress last week as it rushed to pass a controversial bill that security experts maintained could throw a bomb into the gearbox of the Internet.

The Stop Online Piracy Act (SOPA), filed in the U.S. House of Representatives, and its Senate counterpart, the Protect IP Act (PIPA), propose Internet Service Providers (ISPs) be called on to block the DNS addresses of websites suspected of violating the rights of copyright holders.

But after weeks of howling by opponents of the legislation, capped by a one-day blackout of Wikipedia and other sites in protest of the measure, the sponsors of the bills decided to strip out the DNS requirements in their measures.

“After consultation with industry groups across the country, I feel we should remove Domain Name System blocking from the Stop Online Piracy Act so that the [Judiciary] Committee can further examine the issues surrounding this provision,” SOPA’s sponsor Lamar Smith (R-Texas) said.

PIPA’s sponsor, Patrick Leahy (D-Vermont), was skeptical of the critics of the DNS provisions in his bill, but also agreed to shelve the provision.

“I remain confident that the ISPs — including the cable industry, which is the largest association of ISPs — would not support the legislation if its enactment created the problems that opponents of this provision suggest,” he said.

“Nonetheless,” he continued, “this is in fact a highly technical issue, and I am prepared to recommend we give it more study before implementing it.”

Smith’s and Leahy’s DNS concessions were good news for white hats like Dan Brown, a senior security researcher with Bit9. “Anyone who understands how the Internet works thinks it’s a bad idea for Congress to fiddle with something they don’t understand,” he told TechNewsWorld.

“These bills are still bad because they will have a negative impact on free speech and free communication on the Internet,” he asserted, “but they appear to be moving in the direction of not having any major technological impact on the Internet.”

Hactivists Draft Unwary

Government and big business once again clashed with the anarchic hacker collective Anonymous last week. The sore point between the two this time was the FBI’s shutdown of the alleged pirate haven Megaupload — which has an Alexa global ranking of 72 — and the arrest of its founder and other executives in the company.

Megaupload has been in and out of hot water since it was launched in March 2005. Since that time, according to the FBI, the site has produced US$175 million in “criminal proceeds” for its owners.

In retaliation for the government action, Anonymous launched a series of denial of service attacks against servers at the U.S. Department of Justice, the Motion Picture Association of America and Universal Recording. The attacks were able to cripple or stop operation of those sites temporarily. To do so, however, the hactivists had to resort to unusual tactics.

Through Twitter and the group’s chat rooms, it spread a booby-trapped URL. Clicking on the Web address involuntarily made the clicker into one of Anonymous’s attacking hordes.

After clicking on such a link, Gawker’s Adrian Chen wrote, “[I] found myself instantly DDoSing Universalmusic.com, my computer rapidly pinging the page with no way to stop except quickly closing the window.”

Cupid Stupid

Those in love are known to be a bit irrational, and a current trend among adolescents sharing affections is another sign of it. The New York Times has reported that it has become fashionable for young lovers to express their undying allegiance to each other by sharing their passwords to email, Facebook and other personal websites.

“From an IT security standpoint, it’s a nightmare,” Morgan Slain, CEO of SplashData, which makes a password app for mobile devices, told TechNewsWorld.

“I can understand that there are passwords that couples want to share, like the ones to the PlayStation, xBox or “World of Warcraft” accounts, but when you get to something like email, it’s a nightmare,” he said. “You can use an email account to change the passwords at so many other sites. It’s really risky.”

He suggested that parents have a conversation with their kids about the dangers of password swapping. If that conversation proves ineffective and, given the shelf life of many youthful pairings, an acrimonious breakup should occur between password-sharing lovers, Slain recommends, “At first sign of trouble, you should change your password.”

John Mello is a freelance technology writer and former special correspondent for Government Security News.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Hacking

Technewsworld Channels