Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Anonymous Says DDoS Attacks Like Free Speech
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Laurianne
50%
50%
Laurianne,
User Rank: Apprentice
1/11/2013 | 7:23:21 PM
re: Anonymous Says DDoS Attacks Like Free Speech
My colleague at Dark Reading, Kelly Jackson Higgins, points out that this same issue came up at the most recent DefCon conference. Read more about it: http://www.darkreading.com/dat...

Laurianne McLaughlin
InformationWeek
Nyuk
50%
50%
Nyuk,
User Rank: Apprentice
1/11/2013 | 7:05:27 PM
re: Anonymous Says DDoS Attacks Like Free Speech
After seeing the faces of IT execs hearing that they are being attacked I'd go further to classify them as terrorism.

Release the drones on them! (At risk of having them taken over. ;-)
jries921
50%
50%
jries921,
User Rank: Ninja
1/11/2013 | 6:35:33 PM
re: Anonymous Says DDoS Attacks Like Free Speech
Good point. Unless the owners of all the machines used agreed to participate in the DDoS attack, the attackers are engaging in what amounts to burglary and hijacking (regardless of what the law may happen to say).
jries921
50%
50%
jries921,
User Rank: Ninja
1/11/2013 | 6:32:12 PM
re: Anonymous Says DDoS Attacks Like Free Speech
Right!

...and setting off Molotov cocktails is covered by the right to keep and bear arms!

I agree that corporate political expenditures aren't free speech either (as the late Justice Hugo Black famously said, "Speech is speech"), but dubious Supreme Court precedents are no excuse.

DDoS attacks are harassment, not speech.
ikeman
50%
50%
ikeman,
User Rank: Apprentice
1/11/2013 | 6:25:41 PM
re: Anonymous Says DDoS Attacks Like Free Speech
Doesn't DDoS imply that several compromised systems were required to make this so-called protest? By doing so, they are implicitly including other people in the protest who may not agree with the protest, and they've hacked their computers...sorry, they need to rethink that argument, unless all the computers involved to create the DDoS attack are all their own computers. Plus, protesting should be one person to one protest ratio, not one person can make thousands of the same protest ratio.
irishutopia
50%
50%
irishutopia,
User Rank: Apprentice
1/11/2013 | 6:21:26 PM
re: Anonymous Says DDoS Attacks Like Free Speech
hmm...an interesting spin on the idea, but wouldn't this lead to everyone throwing down random DDoS attacks in the name of protest?
lgaryHB
50%
50%
lgaryHB,
User Rank: Apprentice
1/11/2013 | 6:17:01 PM
re: Anonymous Says DDoS Attacks Like Free Speech
At the risk of being attacked by Anonymous, I would argue that their premise is cute, but flawed. An Occupy protest sits on public property outside of the established business. Were they to enter the business they are protesting, they would be violating laws on the books, not exercising free speech rights. Also, business is still being conducted inside the premises. DDoS attacks are not by definition staying on the public square, but are entering the established online business site. You cannot knock on the door of an online web page without entering. The attacker might also be violating that business or individual's free speech rights by blocking the web page from being presented in the public internet. And if you were to repeatedly knock on a real business's door thousands of times a second, you would be subject to harassment charges if not trespassing. That is not speech nor is it peaceable assembly.
jerrynesmith
50%
50%
jerrynesmith,
User Rank: Apprentice
1/11/2013 | 6:06:59 PM
re: Anonymous Says DDoS Attacks Like Free Speech
I thought this (DDoS as Freedom of Speech) a ridiculous notion. But I thought the same of corporations' having protected freedom of speech as a person and freedom of speech being spending unlimited money on political campaigns and remaining anonymous.
<<   <   Page 2 / 2


News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-36124
PUBLISHED: 2021-05-07
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by XML External Entity (XXE) injection. An authenticated attacker can compromise the private keys of a JWT token and reuse them to manipulate the access tokens to access the platform as any desired user (clients and administrators).
CVE-2020-36125
PUBLISHED: 2021-05-07
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly.
CVE-2020-36126
PUBLISHED: 2021-05-07
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation. PAXSTORE marketplace endpoints allow an authenticated user to read and write data not owned by them, including third-party users, application and payment term...
CVE-2020-36127
PUBLISHED: 2021-05-07
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the current p12 certificate and password. When accessing this functionality, the administrator has the opt...
CVE-2020-36128
PUBLISHED: 2021-05-07
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token (called X-Terminal-Token) to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its ...