Great report on DDoS attacks

A group at the Berkman Center—led by StopBadware's co-founder and Board member emeritus, John Palfrey—just released a great report about the impact of distributed denial of service (DDoS) attacks on the websites of independent media and human rights organizations.

From a badware standpoint, there were several interesting bits. For example:

[A sysadmin for a human rights site] reported that attackers hacked into his site to insert malicious code with the intent of triggering anti-virus warnings for the site and thereby scaring users from accessing the site and slowing their Internet connections by causing them to download large packages of Trojan horse software.

This is the first we've heard of Google's or others' badware detection and warning systems being used deliberately for a de facto denial of service attack. Of course, because such attacks may often go unreported, it's likely there have been others. It's worth noting that this doesn't invalidate the use of such warning systems—the targeted site's visitors really were at risk once the site had been compromised. The core problem is the set of conditions that allow the site to become compromised in the first place. This is often due in part to a lack of technical/security expertise at the organization:

A main theme that we have heard from respondents [to a survey of organizations likely to be targeted] was the need to bridge the divide between technology organizations capable of protecting against attacks and the independent media who need protection.

The report also touches on a number of other themes of interest to the StopBadware community, such as the importance of disrupting botnets, the threat of targeted malware attacks, and the challenges of identifying the perpetrators of attacks. If you are interested in understanding more about DDoS attacks—how they work, how organizations can help protect themselves against them, or what the security community can do to help the targeted organizations—I urge you to read the whole report. (PDF)

StopBadware turns four, spins off from Berkman

Four years ago today, was announced as a Berkman Center project, with the ambitious goal of fighting badware by building and sharing knowledge through the collective efforts of the community. As the project has evolved, our activities have changed, but the goal has remained the same. So, too, have the tremendous spirit and support of the dedicated individuals and organizations that make our work possible.

Over the past year, our small team has worked with the Berkman Center leadership, our corporate partners, our advisory board and working group, and other key volunteers to figure out how we could make StopBadware even better and how we could lay a strong foundation to carry the organization forward as we enter our fifth year. During this process, we made the difficult decision to leave the Berkman nest and spread our wings as an independent organization.

After months of planning, fundraising, paperwork, and more planning, the time has come. This morning, we announced that the work of has migrated to StopBadware, Inc., a new non-profit organization based here in Cambridge, Massachusetts. While we have dropped the .org for vanity's sake—it becomes cumbersome to say "StopBadware dot org" all the time—the spirit (and finances) of a .org still apply. In fact, even with the generous backing of our corporate partners, Google, PayPal, and Mozilla, it will be more important than ever for individuals to contribute to our success. Some of our most important work is done by people who contribute their time, whether assisting website owners at, coding for LittleVoice, or getting involved in some other way.

In celebration of this new stage of our existence, we've updated our logo and colors, as well as some of the content on our website. Over the next few months, watch for more changes, both aesthetic and substantive, as we embark on this new adventure. As always, we welcome your feedback and guidance.

Finally, we want to express our gratitude to our founders and principal investigators at the Berkman Center, Professor Jonathan Zittrain and Professor John Palfrey, to Berkman's executive director, Urs Gasser, and to the Berkman Center staff for making the past four years—and the future—of StopBadware possible.

The press release can be found here. platform now open source

A couple years ago, we started building a new web platform to serve as the basis for our online community site. One goal of the platform was to be easy to use for computer novices, while incorporating more advanced features for power users. Equally important was a goal of making it easy for someone to ask a question and for everyone else to easily see the most valuable responses and the most helpful users. Finally, we wanted the design of the site to facilitate the organic growth of a community organized around a particular interest.

The platform, which we named LittleVoice, is now in use by both and by our sister project here at Berkman, Herdict, for their discussion board. While we're not sure we've fully realized the goals described above just yet, we think the platform is off to a good start. That's why we've decided to release the code as open source and post it on github, where anyone can take advantage of the initial release and/or contribute to making the product better. StopBadware's lead developer, Brandon Palmen, will be coordinating releases. Here are a few ways you can help:

If you decide to use LittleVoice for your own online community, please let us know (feel free to add it directly to the wiki).