
Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net - vezycash
http://arstechnica.com/security/2016/09/why-the-silencing-of-krebsonsecurity-opens-a-troubling-chapter-for-the-net/
======
kyledrake
I'm not exaggerating at all when I describe this to people as the internet's
first existential threat. If things continue to go the way they are, the
entire internet will either cease to practically function at all, or it will
be nearly completely routed through a small number of enormous centralized
corporations running datacenter-sized DDoS scrubbers. Running a web site
without being attached to massive amounts of routing power would be rendered
impossible.

It's time we started taking this more seriously. It's really, really, really
bad.

~~~
languagewars
I'm really puzzled as to why signed hashes have not essentially fixed the
problem for people with largely static sites, like Krebs, AFAIK. No one needs
to know how Krebs feeds new signed versions of his website into a proxy cache
of at least one ISP, then the resources to block it somewhere are the
resources to bring down an ISP from within its clients.

In many respects, Akamai is (or was?) that proxycache system and all that is
broken is viewing it as an independent entity that doesn't inherently have to
have greater resources than all compromised clients. If every ISP were
providing that replication for the most hit (such as most attacked) sites then
offlining sufficient hacked clients to keep their cache running becomes an
entirely local problem.

