Tag Archives: search-engine

Court Says Google Has A First Amendment Right To Delist Competitor’s ‘Spammy’ Content – Above the Law

Posted: February 19, 2017 at 10:55 am

Last summer, a Florida federal court reachedsome unusual conclusionsin a lawsuit filed by SEO company e-ventures, which felt Google had overstepped its bounds in delisting a lot of its links. Google defended itself, citing both Section 230 and the First Amendment. The court disagreed with both arguments.

As to Section 230, the court found that Googles delisting efforts werent in good faith. The reason cited was e-ventures claim that the delisting was in bad faith. So much for this seldom-used aspect of Section 230: the Good Samaritan clause which states no third-party company can be found liable for actions it takes to remove content it finds questionable. And so much for viewed in the light most favorable to the non-moving party. Apparently, Googles long history of spam-fighting efforts is nothing compared to an SEO wranglers pained assertions.

The court also said Google had no First Amendment right to handle its search rankings however it saw fit, which is more than a little problematic. While it admitted Googles search rankings were protected speech, its statements about how it handled search engines werent. And, for some reason, the court felt that Googles ads undermined its First Amendment protections because its desire to turn a profit somehow nullified its editorial judgment.

It was a strange decision and one that suggested this court might be considering getting into the business of telling service providers how to run their businesses. It also suggested this court believed the more successful the business was, the fewer rights and protections it had. These dubious conclusions prevented Google from having the case dismissed.

Fortunately, this wasnt the final decision. As Eric Goldman points out, last years denial only delayed the inevitable. After a few more rounds of arguments and legal paperwork, Google has prevailed. But theres not much to celebrate in this decision as the court has (again) decided toroute around Googles Section 230 Good Samaritan defense.

Regarding 230(c)(2), the court says spam can qualify as harassing or objectionable content (cite toe360insightwith a but-see to theSong Ficase). Still, the court says e-ventures brought forward enough circumstantial evidence about Googles motivations to send the case to a trial. By making it so Google cant even win on summary judgment, rulings like this just reinforce how Section 230(c)(2) is a useless safe harbor.

Had it ended there, Google would be still be facing e-ventures claims. But it didnt. The court takes another look at Googles First Amendment claims and finds that the search engine provider does actually have the right to remove spammy links. Beyond that, it finds Google even has the First Amendment right to remove competitors content. From theorder[PDF]:

[T]he First Amendment protects as speech the results produced by an Internet search engine. Zhang v. Baidu.com, Inc., 10 F. Supp. 3d 433, 435 (S.D.N.Y. 2014). A search engine is akin to a publisher, whose judgments about what to publish and what not to publish are absolutely protected by the First Amendment. See Miami Herald Publg Co. v. Tornillo, 418 U.S. 241, 258 (1974) (The choice of material to go into a newspaper . . .whether fair or unfairconstitute[s] the exercise of editorial control and judgment that the First Amendment protects.) The presumption that editorial judgments, no matter the motive, are protected expression is too high a bar for e-ventures to overcome.

And the court walks back its earlier conclusion the one that seemed to find profit-motivated editorial judgment to be unworthy of First Amendment protections.

Googles actions in formulating rankings for its search engine and in determining whether certain websites are contrary to Googles guidelines and thereby subject to removal are the same as decisions by a newspaper editor regarding which content to publish, which article belongs on the front page, and which article is unworthy of publication. The First Amendment protects these decisions, whether they are fair or unfair, or motivated by profit or altruism.

The case is now dismissed with prejudice which bars e-ventures from complaining about Googles delisting efforts in federal court. e-ventures has gone this far already in hopes of seeing its terms-violating content reinstated, so it will likely attempt to appeal this decision. But it really shouldnt. Its unlikely another set of judges will help it clear the First Amendment hurdle. Not only that, but this area of law should be well-settled by now, as Goldman points out:

Of course Google can de-index sites it thinks are spam. Its hard to believe were still litigating that issue in 2017; these issues were explored in suits likeSearchKingandKinderStartfrom over a decade ago.

The plaintiff was given a long leash by the court, which should have tossed last year. Even with the extra time and the court doings its Section 230 circumvention work for it, e-ventures still couldnt prevail.

Court Says Google Has A First Amendment Right To Delist Competitors Spammy Content

Dangerous: Judge Says It Was Objectively Unreasonable For Cox To Claim DMCA Safe Harbors Trump Tops Obama, Hands Over Full Torture Report To Court Previous Administration Refused To Apple Wants To Stop You Fixing Your iPhone And iPad: Source Says It Will Testify Against Right To Repair Legislation

See the article here:
Court Says Google Has A First Amendment Right To Delist Competitor’s ‘Spammy’ Content – Above the Law

Posted in First Amendment | Comments Off on Court Says Google Has A First Amendment Right To Delist Competitor’s ‘Spammy’ Content – Above the Law

Better Buy: Baidu Inc. vs. Amazon.com Inc. — The Motley Fool – Motley Fool

Posted: February 15, 2017 at 9:41 pm

Baidu (NASDAQ:BIDU) and Amazon.com (NASDAQ:AMZN) have both been very profitable plays for long-term shareholders. Shares of Baidu have risen 1,480% over the past ten years, while shares of Amazon have surged 2,050%.

Baidu and Amazon probably won’t repeat those massive gains over the next decade, but both tech giants remain solid investments — Baidu is the top search engine in China, and Amazon is the biggest e-commerce site and cloud platform provider in the world. Let’s compare both company growth trajectories and valuations to see which is a better buy at current prices.

Image source: Getty Images.

Baidu’s revenue grew 35% in fiscal 2015, but it’s only expected to rise 6% in fiscal 2016 when it reports its full-year earnings on Feb. 23. That slowdown was mainly caused by a government crackdown on misleading ads (especially for healthcare products) across its sites, a swap of its stake in online travel agencyQunarwith its rival Ctrip, and the overall slowdown of the Chinese economy.

But once those headwinds fade, Baidu’s top line is expected togrow 20% in fiscal 2017. That growth will likely be fueled by its investments in new and adjacent markets, like O2O (online-to-offline) services which integrate new services into its core mobile app, driverless vehicles, and artificial intelligence.

Amazon’s revenue rose 20% in fiscal 2015, 27% in fiscal 2016, and is expected to rise another 22% this year. That consistent growth can be attributed to the rapid growth of its core marketplace businesses and the growth of AWS (Amazon Web Services), the biggest cloud platform in the world. During fiscal 2016, AWS revenues surged 55% and accounted for 9% of its top line — compared to 7% in 2015.

Most of Baidu’s revenues come from ads, which have much higher margins than Amazon’s main marketplace business. However, Baidu’s operating margins have gradually declined over the past few years, due to the ramp up in its spending on O2O services and other businesses. Meanwhile, Amazon’s operating margins have gradually improved due to the growth of AWS, which has much higher margins than its marketplace business.

Source:YCharts.

Baidu’s net income rose 155% in fiscal 2015, but much of that gain came from the aforementioned share swap with Qunar and Ctrip. For fiscal 2016, analysts expect Baidu’s net earnings to fall nearly 10% on higher O2O investments in letting users order meals, hail cabs, make payments, and perform other tasks within its core app. Baidu needs these features to widen its moat against Tencent (NASDAQOTH:TCEHY), which squeezes similar features into its monolithic WeChat app. But looking forward, analysts expect Baidu’s earnings to rebound 33% in 2018 as those ecosystem investments bear fruit.

Amazon’s rising operating margins lifted its net income by 125% in 2015 and 298% in 2016. Analysts expect AWS’ top line growth and its steady operating margins to boost its net earnings by 49% this year and 75% in fiscal 2018. That impressive bottom line growth will give Amazon more freedom to use loss leading and low-margin strategies (like additional Prime services, Echo, Fire TV, Dash buttons) to expand its e-commerce ecosystem. However, investors should be aware that an ongoing price battle in the cloud platform market has forced AWS to repeatedly lower its prices — so the unit’s bottom line growth could still hit a few speed bumps in the near future.

Baidu trades at 14 times trailing earnings, which is much lower than the industry average of 50 for internet information providers. But its forward P/E of 32 is higher due to its expected slowdown in earnings growth.

Amazon has a trailing P/E of 192, which initially looks lofty but isn’t terribly high relative to its earnings growth in 2016. Its forward P/E of 65 also looks reasonable compared to earnings growth expectations for 2017 and 2018.

With high-growth internet companies like Baidu and Amazon, it’s also important to check their enterprise value to free cash flow (EV/FCF) ratios. A lower figure indicates that the company is “cheaper” relative to its free cash flow — which can be used to further expand their businesses. As seen in the following chart, Amazon looks much cheaper than Baidu by that key metric.

Source:YCharts.

I own shares of both Baidu and Amazon, and I still recommend buying both stocks as long-term tech investments. But if I can only buy one at current prices, I’d buy Amazon because it exhibits steadier top and bottom line growth with reasonable valuations. As for Baidu, investors should see if short-term concerns about its rising expenses punish the stock — which could reveal better buying opportunities.

Leo Sun owns shares of Amazon, Baidu, and Tencent. The Motley Fool owns shares of and recommends Amazon and Baidu. The Motley Fool recommends Ctrip.com International. The Motley Fool has a disclosure policy.

View original post here:

Better Buy: Baidu Inc. vs. Amazon.com Inc. — The Motley Fool – Motley Fool

Posted in Fiscal Freedom | Comments Off on Better Buy: Baidu Inc. vs. Amazon.com Inc. — The Motley Fool – Motley Fool

JPL Robotics: Home Page

Posted: September 8, 2016 at 6:40 am

Richard Volpe, Manager Gabriel Udomkesmalee, Deputy Manager Welcome to the JPL Robotics website! Here you’ll find detailed descriptions of the activities of the Mobility and Robotic Systems Section, as well as related robotics efforts around the Jet Propulsion Laboratory. We are approximately 100 engineers working on all aspects of robotics for space exploration and related terrestrial applications. We write autonomy software that drives rovers on Mars, and operations software to monitor and control them from Earth. We do the same for their instrument-placement and sampling arms, and are developing new systems with many limbs for walking and climbing. To achieve mobility off the surface, we are creating prototypes of airships which would fly through the atmospheres of Titan and Venus, and drills and probes which could go underground on Mars and Europa.

To enable all of these robots to interact with their surroundings, we make them see with cameras and measure their environments with other sensors. Based on these measurements, the robots control themselves with algorithms also developed by our research teams. We capture the control-and-sensor-processing software in unifying frameworks, which enable reuse and transfer among our projects. In the course of developing this technology, we build real end-to-end systems as well as high-fidelity simulations of how the robots would work on worlds we are planning to visit.

Please use the menu at left to navigate to the view of our work that is most important to you. Our application domains are described in general terms, and then specifically in the context of flight projects and research tasks. Personnel are described in terms of the groups that constitute the section, as well as the people who constitute the groups. Most of our major robot systems are described, as are the laboratory facilities in which they are developed and exercised. For more detailed information, our publications may be accessed through a search engine, or more recent news may be browsed. Finally, to provide context to our current work, our charter is documented, the history of JPL robotics is described, and links to other related work are provided.

Read the original post:

JPL Robotics: Home Page

Posted in Robotics | Comments Off on JPL Robotics: Home Page

The NSA – The Super Secret National Security Agency

Posted: May 7, 2016 at 3:47 am

– A Tale of Two Countries – New Zealand Apologizes for Illegal Domestic Spying, While U.S. Still Refuses to Acknowledge NSAs…

– Attacking Tor – How the NSA Targets Users’ Online Anonymity

– Citizens Against Unidentified Flying Objects Secrecy v. National Security Agency

– Clapper Reveals Bush-Era Docs Showing NSA Spying Dragnet Started 2001

– Covert Operations of the U.S. National Security Agency

– Creation of The NSA – from ‘The Secret Government – Origin, Identity and Purpose of MJ-12’

– DARPA – Defense Advanced Research Projects Agency – Main File

– Did the NSA Kill Hugo Chavez?

– Exposed The Covert, Real-Time Spying on Youtube, Facebook and Blogs

– Foiling Computer Hackers Top Priority With FBI, CIA, Pentagon, NSA

– ‘Follow the Money’ – NSA Spies on International Payments

– Foreign Officials in the Dark About their Own Spy Agencies’ Cooperation with NSA

– Google and The NSA Connection

– Google and The NSA – Whos Holding The ‘Shit-Bag’ Now?

– Google Asks NSA to Help Secure Its Network

– Google, CIA and the NSA – Inside the Secret Network behind Mass Surveillance, Endless War and Skynet

– Google to Enlist NSA to Help It Ward Off Cyber-Attacks

– Hidden Government Scanners Will Instantly Know Everything About You from 164 Feet Away

– High-Level U.S. Government Officials Have Warned for 40 Years that Mass Surveillance Would Lead to Tyranny…

– How Google, Facebook, Skype, Yahoo and AOL are All Blatantly Lying to Their Own Users in Denying NSA Spy Grid…

– How International Treaties Gave NSA Back-Door Access for Surveillance

– How NSA Access Was Built into Windows

– How the NSA Plans to Infect ‘Millions’ of Computers with Malware

– How the NSA Spies on Your Google and Yahoo Accounts

– Inside TAO – Documents Reveal Top NSA Hacking Unit

– Inside The NSAs Largest and Most Expansive Secret Domestic Spy Center in Bluffdale, Utah – Exposed

– It’s Not Just Spying – How the NSA Has Turned Into a Giant Profit Center for Corrupt Insiders

– Key to The Extraterrestrial Messages – NSA Technical Journal Vol XIV No 1

– La NSA Particip en El Desarrollo de Windows 7

– La Red Echelon – Main File

– Lawless NSA Global Spying

-Mat la NSA a Hugo Chvez?

– NSA Able to Target Offline Computers Using Radio-Waves for Surveillance, Cyber-Attacks

– NSA Boss Wants More Control Over The Internet

– NSA Built Back Door in All Windows Software by 1999

– NSA Claims Massive New Surveillance Powers

– NSA Director Defends Plan to Maintain ‘Backdoors’ Into Technology Companies

– NSA Gathers Data on Social Connections of U.S. Citizens

– NSA, GCHQ Using Data from ‘Leaky’ Smartphone Apps to Spy

– NSA has Built its Own, Secret, Warrantless, Shadow Social Network, and You’ve Already Joined It

– NSA Helped With Windows 7 Development – Privacy Expert Voices ‘Backdoor’ Concerns – Security Researchers Dismiss Idea

– NSA ‘Helping’ Microsoft With Windows 7 ‘Security’

– NSA Infiltrates Links to Yahoo and Google Data Centers Worldwide – Snowden Documents Say

– NSA – National Security Agency – Extrapolate Postmodum Prosum – Updated

– NSA Offering ‘Billions’ for Skype Eavesdrop Solution – Business Model for P2P Firm at Last?

– NSA Recent UFO Document Release More Interesting for What It “Could” Not Find

– NSA Refuses to Declassify Obamas Cybersecurity Directive – Exceptionally Grave Damage

– NSAs Computer and Mobile Spying – An Interview with Professor Tung Yin

– NSA’s Domestic Surveillance is Motivated by Fears that Environmental Disasters Could Fuel Anti-Government Activism

– NSA Secretly Exploited Devastating Heartbleed Bug for Years – Report

– NSA Security Running Amok to Plug Leaks About 9/11

– NSA Spying Did Not Result in a SINGLE Foiled Terrorist Plot

– NSA’s Top Hacking Unit

– NSA Top-Secret Document from 2012 – FOXACID – SECONDDATE – WILLOWVIXEN

– NSA Surveillance Goes Beyond Orwell’s Imagination – Says Alan Rusbridger

– NSA Took Part in The Development of Windows 7

– NSA Wants EZ Pass Control for Internet

-“Obese Intelligence” – The NSA Search Engine

– Quantum Insert

– Radio Mensajes Provenientes del Espacio Exterior – Documento Desclasificado de La NSA

– Russian Researchers Expose Breakthrough U.S. Spying Program

– Secret Archives – National Security & Privacy

View post:
The NSA – The Super Secret National Security Agency

Posted in NSA | Comments Off on The NSA – The Super Secret National Security Agency

How to: Use Tor for Windows | Surveillance Self-Defense

Posted: March 23, 2016 at 6:42 am

What is Tor?

Tor is a volunteer-run service that provides both privacy and anonymity online by masking who you are and where you are connecting. The service also protects you from the Tor network itself.

For people who might need occasional anonymity and privacy when accessing websites, Tor Browser provides a quick and easy way to use the Tor network.

The Tor Browser works just like other web browsers, except that it sends your communications through Tor, making it harder for people who are monitoring you to know exactly what you’re doing online, and harder for people monitoring the sites you use to know where you’re connecting from. Keep in mind that only activities you do inside of Tor Browser itself will be anonymized. Having Tor Browser installed on your computer does not make things you do on the same computer using other software (such as your regular web browser) anonymous.

Open a browser like Mozilla Firefox, Google Chrome, Microsoft Internet Explorer, or Microsoft Edge and go to:

https://www.torproject.org/projects/torbrowser.html.en

If you are using a search engine to look for the Tor Browser, make sure that the URL is correct.

Do not use any other source, and if you are prompted to accept alternative HTTPS (SSL/TLS) security certificates, do not proceed.

Click the large Download button, or scroll down to the Tor Browser Downloads section. Click on your desired language and OS version (Windows 32/64-bit).

Some browsers will ask you to confirm whether you want to download this file. Internet Explorer 11 shows a bar at the bottom of the browser window. For any browser, it is best to save the file first before proceeding. Click the Save button.

This example shows Tor Browser version 5.0.3 which is the current version at the time of writing this guide. There may be a more recent version of Tor Browser available for download by the time you read this, so please download and use the current version that Tor Project provides.

After the download is complete, you might get an option to open the folder where the file was downloaded to. The default location is the Downloads folder. Double-click on the file torbrowser-install-5.0.3_en-US.exe.

After double-clicking on the Tor Browser installer, a window will open with a warning about the origin of the software. You should always take these warnings seriously and make sure you trust the software you want to install and that you got an authentic copy from the official site over a secure connection. Since you know what you want, and you know where to get the software, and the download was from the Tor Project’s secure HTTPS site, go ahead and click Run.

A small window will open asking what language you want to use for the Tor Browser. There are several to choose from. Pick the language you want and click the OK button.

You’ll find a new window that will tell you where the Tor Browser will be installed. The default location is your desktop. You can change this to be a different location if you want, but for now keep the default.

The installation process is complete when you see a window that says you have completed the installation process. If you click the Finish button, the Tor Browser will start immediately and Start Tor Browser shortcuts will be added to the Start Menu and Desktop.

The first time Tor Browser starts, you’ll get a window that allows you to modify some settings if necessary. You might have to come back and change some configuration settings, but go ahead and try to connect to the Tor network by clicking the Connect button.

A new window will open with a green bar that illustrates Tor Browser connecting to the Tor network.

The first time Tor Browser starts it might take a bit longer than usual; but be patient, within a minute or two Tor Browser will open and congratulating you.

Click on the Tor Onion logo in the upper left of Tor Browser then the Privacy and Security Settings.

Some features of a normal web browser can make you vulnerable to man-in-the-middle attacks. Other features have previously had bugs in them that revealed users’ identities. Turning the security slider to a high setting disables these features. This will make you safer from well-funded attackers who can interfere with your Internet connection or use new unknown bugs in these features. Unfortunately, turning off these features can make some websites unusable. The default low setting is fine for everyday privacy protection, but you can set it to high if you are worried about sophisticated attackers, or if you don’t mind if some websites do not display correctly.

More:
How to: Use Tor for Windows | Surveillance Self-Defense

Posted in Tor Browser | Comments Off on How to: Use Tor for Windows | Surveillance Self-Defense

Chinas aggressive new censorship weapon can cripple your website

Posted: April 12, 2015 at 6:43 am

Provided by Quartz Dark designs

China has acquired a powerful new weapon in itsefforts to strictly controlinternet access and content.

Thats according to anew report released Apr. 10 by Citizen Lab, a research group at the University of Torontos Munk School of Global Affairs. It sheds more light on the recent distributed denial-of-service (DDoS) attacksagainst popular programming siteGitHub, and the nonprofit site GreatFire.org, which replicates websites already blocked by Chinese censors.

Citizen Lab says it had identified the new weaponwhich it has named Chinas Great Cannonresponsible for both attacks.

Located within Chinas massive Great Firewall censorship apparatus, the Great Cannon appears to operate asa separate tool thathijacks traffic to (or presumably from) individual IP addresses, and canarbitrarily replace unencrypted content as a man-in-the-middle,according to Citizen Lab.

In the case of online code repositoryGitHub, the Great Cannon was able to alter script distributed by Chinese search engine Baidu, redirecting massive amounts of bad trafficback towardsGitHubs servers in late March, reports the Verge. The attack, which lasted several days, was the largest the companyhad ever experienced.

While the Great Cannons ability to target and potentially take down websites is worrying enough, its also possible that the technologycould be tweaked in order to plant malware in millions of computers communicating with vulnerable Chinese servers, according to TechCrunch.

Those familiar with Edward Snowdens revelations may remember that the US already has this capability through the formerly top-secret NSA program QUANTUM.Unlike the US government, which attempted to keep the existence of QUANTUM a secret, China doesnot seem particularlyconcerned with hidingthis newest addition to it censorship arsenal. This brazenness both confuses and concerns the researchers at CitizenLab.

We remain puzzled as to why the GCs operator chose to first employ its capabilities in such a publicly visible fashion. Conducting such a widespread attack clearly demonstrates the weaponization of the Chinese Internet to co-opt arbitrary computers across the web and outside of China to achieve Chinas policy ends. The repurposing of the devices of unwitting users in foreign jurisdictions for covert attacks in the interests of one countrys national priorities is a dangerous precedentcontrary to international norms and in violation of widespread domestic laws prohibiting the unauthorized use of computing and networked systems.

See the original post here:
Chinas aggressive new censorship weapon can cripple your website

Posted in Censorship | Comments Off on Chinas aggressive new censorship weapon can cripple your website

'Great Cannon' widens China censorship: Researchers

Posted: April 11, 2015 at 7:43 am

WASHINGTON – China has expanded its Internet censorship efforts beyond its borders with a new strategy that attacks websites across the globe, researchers said Friday.

The new strategy, dubbed “Great Cannon,” seeks to shut down websites and services aimed at helping the Chinese circumvent the “Great Firewall,” according to a report by the Citizen Lab at the University of Toronto.

“While the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the ‘Great Cannon,'” the report said.

“The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses.”

The report supports claims by the activist organisation GreatFire, which last month claimed China was seeking to shut down its websites that offer “mirrored” content from blocked websites like those of the New York Times and others.

The technique involves hijacking Internet traffic to the big Chinese search engine Baidu and using that in “denial of service” attacks which flood a website in an effort to knock it offline.

The report authors said the new tool represents “a significant escalation in state-level information control” by using “an attack tool to enforce censorship by weaponizing users.”

The Great Cannon manipulates the traffic of “bystander” systems including “any foreign computer that communicates with any China-based website not fully utilizing (encryption).”

‘Puzzling’ openness

The Citizen Lab researchers said they found “compelling evidence that the Chinese government operates the GC (Great Cannon),” despite Beijing’s denials of involvement in cyberattacks.

Read more here:
'Great Cannon' widens China censorship: Researchers

Posted in Censorship | Comments Off on 'Great Cannon' widens China censorship: Researchers

China's 'Great Cannon' DDoS tool enforces Internet censorship

Posted: at 7:43 am

China is deploying a tool that can be used to launch huge distributed denial-of-service (DDoS) attacks to enforce censorship. Researchers have dubbed it the Great Cannon.

The first time the tool was seen in action was during the massive DDoS attacks that hit software development platform GitHub last month. The attack sent large amounts of traffic to the site, targeting Chinese anti-censorship projects hosted there. It was the largest attack the site has endured in its history.

That attack was first thought to have been orchestrated using Chinas Great Firewall, a sophisticated ring of networking equipment and filtering software used by the government to exert strict control over Internet access in the country. The firewall is used to block sites like Facebook and Twitter as well as several media outlets.

However, while the Great Cannon infrastructure is co-located with the Great Firewall, it is a separate, offensive system, with different capabilities and design, said researchers at the University of California, Berkeley, and the University of Toronto on Friday.

The Great Cannon is not simply an extension of the Great Firewall, but rather a distinct tool that hijacks traffic to individual IP addresses, and can arbitrarily replace unencrypted content by sitting between the Web server and end usera method known as a man-in-the-middle attack. The system is used to manipulate the traffic of systems outside of China, silently programming browsers to create a massive DDoS attack, the researchers said.

The attack method deployed against Github injected malicious Javascript into browsers connecting to the Chinese search engine Baidu. When the Great Cannon sees a request for certain Javascript files on one of Baidus infrastructure servers that host commonly used analytics, social, or advertising scripts, it appears to take one of two actions. It either passes the request to Baidus servers, which has happened over 98 percent of the time, or it drops the request before it reaches Baidu and instead sends a malicious script back to the requesting user, which has happened about 1.75 percent of the time, the report said.

In the latter case, the requesting user would be an individual outside China browsing a website making use of a Baidu infrastructure server, such as sites with ads served by Baidus ad network. In the DDos attack against GitHub, the malicious script was used to enlist the requesting user as an unwitting participant, the report said.

These findings are in line with an analysis by the Electronic Frontier Foundation (EFF) that described the attack method used last week. According to the EFF, the attack was obviously orchestrated by people who had access to backbone routers in China and was only possible because the Baidu analytics script that is included on sites does not use encryption by default. A wider use of HTTPS could have prevented the attack, it found.

The Berkeley and Toronto researchers confirmed the suspicions about the origin of the attack, saying they believe there is compelling evidence that the Chinese government operates the cannon. They tested two international Internet links into China belonging to two different Chinese ISPs, and found that in both cases the Great Cannon was co-located with the Great Firewall. This strongly suggests a government actor, they said.

While DDoS attacks are quite crude, the Great Cannon can also be used in more sophisticated ways. A technically simple configuration change, switching the system to operating on traffic from a specific IP address rather than to a specific address, would allow Beijing to deliver malware to any computer outside of China that communicates with any Chinese server not employing cryptographic protections, they said.

Read the rest here:
China's 'Great Cannon' DDoS tool enforces Internet censorship

Posted in Censorship | Comments Off on China's 'Great Cannon' DDoS tool enforces Internet censorship

'Great Cannon' is widening China censorship, say researchers (Update)

Posted: at 7:43 am

21 hours ago by Rob Lever China has expanded its Internet censorship efforts beyond its borders with a new strategy that attacks websites across the globe, researchers say

China has expanded its Internet censorship efforts beyond its borders with a new strategy that attacks websites across the globe, researchers said Friday.

The new strategy, dubbed “Great Cannon,” seeks to shut down websites and services aimed at helping the Chinese circumvent the “Great Firewall,” according to a report by the Citizen Lab at the University of Toronto.

“While the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the ‘Great Cannon,'” the report said.

“The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses.”

The report supports claims by the activist organization GreatFire, which last month claimed China was seeking to shut down its websites that offer “mirrored” content from blocked websites like those of the New York Times and others.

The technique involves hijacking Internet traffic to the big Chinese search engine Baidu and using that in “denial of service” attacks which flood a website in an effort to knock it offline.

The report authors said the new tool represents “a significant escalation in state-level information control” by using “an attack tool to enforce censorship by weaponizing users.”

The Great Cannon manipulates the traffic of “bystander” systems including “any foreign computer that communicates with any China-based website not fully utilizing (encryption).”

‘Puzzling’ openness

See the article here:
'Great Cannon' is widening China censorship, say researchers (Update)

Posted in Censorship | Comments Off on 'Great Cannon' is widening China censorship, say researchers (Update)

China anti-censorship projects attract GitHub's largest ever DDoS attacks

Posted: March 30, 2015 at 11:42 am

Home News Security China anti-censorship projects attract GitHub’s largest ever DDoS attacks GitHub has halted most of the distributed denial-of-service (DDoS) attacks it has faced from Thursday of last week.

Share

A GitHub service called Gists, which lets people post bits of code, was still affected,the site said yesterday (Sunday 29 March). On Twitter, GitHub said it continued to adapt its defenses.

The attacks appeared to focus specifically on two projects hosted on GitHub, according to a blogger who goes by the nickname of Anthr@Xon a Chinese- and English-language computer security forum.

One project mirrors the content of The New York Times for Chinese users, and the other is run by Greatfire.org, a group that monitors websites censored by the Chinese government and develops ways for Chinese users to access banned services.

China exerts strict control over Internet access through its “Great Firewall,” a sophisticated ring of networking equipment and filtering software. The country blocks thousands of websites, including ones such as Facebook and Twitter and media outlets such as The Wall Street Journal, The New York Times and Bloomberg.

Anthr@X wrote that it appeared advertising and tracking code used by many Chinese websites appeared to have been modified in order to attack the GitHub pages of the two software projects.

The tracking code was written by Baidu, but it did not appear the search engine — the largest in China — had anything to do with it. Instead, Anthr@X wrote that some device on the border of China’s inner network was hijacking HTTP connections to websites within the country.

The Baidu tracking code had been replaced with malicious JavaScript that would load the two GitHub pages every two seconds. In essence, it means the attackers had roped in regular Internet users into their attacks without them knowing.

“In other words, even people outside China are being weaponised to target things the Chinese government does not like, for example, freedom of speech,” Anthr@X wrote.

Originally posted here:
China anti-censorship projects attract GitHub's largest ever DDoS attacks

Posted in Censorship | Comments Off on China anti-censorship projects attract GitHub's largest ever DDoS attacks