ACTA nothing new.


Under a World War II-era law, the US president appears to have authority to disconnect computer systems and servers from the internet in the event of a national emergency. But the next US Congress is poised to change that.

The law was passed in 1942. The Japanese attack on Pearl Harbor had provoked fear of a foreign invasion of US soil, and Congress responded by giving President Franklin Roosevelt broad power to commandeer or shutter telephone and telegraph networks.

Nearly 70 years later, telegraph networks have disappeared, and the telephone is only one of many means of communication.

But although the 1942 law makes no mention of the internet – merely of “any facility or station for wire communication” – the Obama administration in June told Congress it would cite it in an emergency.

It has not been tested in court, but experts say section 706(d) of the Communications Act could give the president wide-ranging authority to shut down key computer systems.

With typical Washington hyperbole, the law has become known as the presidential “internet kill switch”.


Tor vs. I2P and a little Freev&net


There are a great many other applications and projects working on anonymous communication and I2P has been inspired by much of their efforts. This is not a comprehensive list of anonymity resources – both freehaven’s Anonymity Bibliography and GNUnet’s related projects serve that purpose well. That said, a few systems stand out for further comparison. The following are discussed on this page:

The following are discussed on the other networks page:

The content of this page is subject to update, discussion and dispute, and we welcome comments and additions. You may contribute an analysis by entering a new ticket on trac.i2p2.de.

Tor / Onion Routing

Tor and Onion Routing are both anonymizing proxy networks, allowing people to tunnel out through their low latency mix network. The two primary differences between Tor / Onion-Routing and I2P are again related to differences in the threat model and the out-proxy design (though Tor supports hidden services as well). In addition, Tor takes the directory-based approach – providing a centralized point to manage the overall ‘view’ of the network, as well as gather and report statistics, as opposed to I2P’s distributed network database and peer selection.

The I2P/Tor outproxy functionality does have a few substantial weaknesses against certain attackers – once the communication leaves the mixnet, global passive adversaries can more easily mount traffic analysis. In addition, the outproxies have access to the cleartext of the data transferred in both directions, and outproxies are prone to abuse, along with all of the other security issues we’ve come to know and love with normal Internet traffic.

However, many people don’t need to worry about those situations, as they are outside their threat model. It is, also, outside I2P’s (formal) functional scope (if people want to build outproxy functionality on top of an anonymous communication layer, they can). In fact, some I2P users currently take advantage of Tor to outproxy.

See also the Tor FAQ for a Tor/I2P comparison from the Tor perspective.

Comparison of Tor and I2P Terminology

While Tor and I2P are similar in many ways, much of the terminology is different.

| Tor | I2P |
| --- | --- |
| Cell | Message |
| Client | Router or Client |
| Circuit | Tunnel |
| Directory | NetDb |
| Directory Server | Floodfill Router |
| Entry Guards | Fast Peers |
| Entry Node | Inproxy |
| Exit Node | Outproxy |
| Hidden Service | Eepsite or Destination |
| Hidden Service Descriptor | LeaseSet |
| Introduction point | Inbound Gateway |
| Node | Router |
| Onion Proxy | I2PTunnel Client (more or less) |
| Relay | Router |
| Rendezvous Point | somewhat like Inbound Gateway + Outbound Endpoint |
| Router Descriptor | RouterInfo |
| Server | Router |

Benefits of Tor over I2P

  • Much bigger user base; much more visibility in the academic and hacker communities; benefits from formal studies of anonymity, resistance, and performance; has a non-anonymous, visible, university-based leader
  • Has already solved some scaling issues I2P has yet to address
  • Has significant funding
  • Has more developers, including several that are funded
  • More resistant to state-level blocking due to TLS transport layer and bridges (I2P has proposals for “full restricted routes” but these are not yet implemented)
  • Big enough that it has had to adapt to blocking and DOS attempts
  • Designed and optimized for exit traffic, with a large number of exit nodes
  • Better documentation, has formal papers and specifications, better website, many more translations
  • More efficient with memory usage
  • Tor client nodes have very low bandwidth overhead
  • Centralized control reduces the complexity at each node and can efficiently address Sybil attacks
  • A core of high capacity nodes provides higher throughput and lower latency
  • C, not Java (ewww)

Benefits of I2P over Tor

  • Designed and optimized for hidden services, which are much faster than in Tor
  • Fully distributed and self organizing
  • Peers are selected by continuously profiling and ranking performance, rather than trusting claimed capacity
  • Floodfill peers (“directory servers”) are varying and untrusted, rather than hardcoded
  • Small enough that it hasn’t been blocked or DOSed much, or at all
  • Peer-to-peer friendly
  • Packet switched instead of circuit switched
    • implicit transparent load balancing of messages across multiple peers, rather than a single path
    • resilience vs. failures by running multiple tunnels in parallel, plus rotating tunnels
    • scale each client’s connections at O(1) instead of O(N) (Alice has e.g. 2 inbound tunnels that are used by all of the peers Alice is talking with, rather than a circuit for each)
  • Unidirectional tunnels instead of bidirectional circuits, doubling the number of nodes a peer has to compromise to get the same information.
  • Protection against detecting client activity, even when an attacker is participating in the tunnel, as tunnels are used for more than simply passing end to end messages (e.g. netDb, tunnel management, tunnel testing)
  • Tunnels in I2P are short lived, decreasing the number of samples that an attacker can use to mount an active attack with, unlike circuits in Tor, which are typically long lived.
  • I2P APIs are designed specifically for anonymity and security, while SOCKS is designed for functionality.
  • Essentially all peers participate in routing for others
  • The bandwidth overhead of being a full peer is low, whereas in Tor client nodes don’t require much bandwidth but don’t fully participate in the mixnet.
  • Integrated automatic update mechanism
  • Both TCP and UDP transports
  • Java, not C (ewww)

Other potential benefits of I2P but not yet implemented

…and may never be implemented, so don’t count on them!

  • Defense vs. message count analysis by garlic wrapping multiple messages
  • Defense vs. long term intersection by adding delays at various hops (where the delays are not discernible by other hops)
  • Various mixing strategies at the tunnel level (e.g. create a tunnel that will handle 500 messages / minute, where the endpoint will inject dummy messages if there are insufficient messages, etc)

Freenet

Freenet is a fully distributed, peer to peer anonymous publishing network, offering secure ways to store data, as well as some approaches attempting to address the loads of a flash flood. While Freenet is designed as a distributed data store, people have built applications on top of it to do more generic anonymous communication, such as static websites and message boards.

Compared to I2P, Freenet offers some substantial benefits – it is a distributed data store, while I2P is not, allowing people to retrieve the content published by others even when the publisher is no longer online. In addition, it should be able to distribute popular data fairly efficiently. I2P itself does not and will not provide this functionality. On the other hand, there is overlap for users who simply want to communicate with each other anonymously through websites, message boards, file sharing programs, etc. There have also been some attempts to develop a distributed data store to run on top of I2P, (most recently a port of Tahoe-LAFS) but nothing is yet ready for general use.

However, even ignoring any implementation issues, there are some concerns about Freenet’s algorithms from both a scalability and anonymity perspective, owing largely to Freenet’s heuristic driven routing. The interactions of various techniques certainly may successfully deter various attacks, and perhaps some aspects of the routing algorithms will provide the hoped for scalability. Unfortunately, not much analysis of the algorithms involved has resulted in positive results, but there is still hope. At the very least, Freenet does provide substantial anonymity against an attacker who does not have the resources necessary to analyze it further.

-Information from i2p.de

Denial of service – The Group Hack of Choice


Though I wouldn’t exactly call Distributed Denial of Service attacks a hack in itself, because it’s more of a hack of the ping function. It is ideal for a group with a set agenda to take a particular website completely down and cause admins all around a huge ole pain in the ass by causing the target network to either be slow as shit or render services (websites) completely inaccessible to its intended users. Though there are many methods of a DoS attack, the method of choice is a disruption of network resources (sucking bandwidth) with a large quantity of either formed or malformed pings. This is often accomplished with a little possibly infuckted skiddy tool known as LOIC (Low Orbit Ion Cannon) that sends a large quantity of pings to the target host or IP.

There is actually a simpler method of doing this, provided you are using Windows and do not want to deal with shady software…

 

Don't expect much. This attack relies completely on community support.

 

Personally,  I think Anonymous as a whole should look into other methods of attack. Something a little more effective.

LOIC – 174.120.238.130


tumblr –  do itt faggot.

Don’t know what LOIC or a DoS attack is?

Lurk More.

 

Remember Rules 1 & 2!!! Also Rule 17.

 

 

Smells like fresh baked Facebook Cookies – Firesheep


When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a “cookie” which is used by your browser for all subsequent requests.

It’s extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called “sidejacking“) is when an attacker gets a hold of a user’s cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.

This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL. Facebook is constantly rolling out new “privacy” features in an endless attempt to quell the screams of unhappy users, but what’s the point when someone can just take over an account entirely? Twitter forced all third party developers to use OAuth then immediately released (and promoted) a new version of their insecure website. When it comes to user privacy, SSL is the elephant in the room.
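An added example (not from the original post and not Firesheep code): a small Python check a site operator could run over their own response headers to find cookies that would travel unencrypted after an HTTPS login, which is the gap described above. The header samples and the `example.test` host are constructed; the `Secure` cookie attribute and the `Strict-Transport-Security` header are standard browser mechanisms that the post itself does not name.

```python
from urllib.parse import urlsplit


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, {attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name, _, _ = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_response(url, headers):
    """Return (cookie_name, finding) pairs for one HTTP response.

    sent-in-clear  : cookie was set on a plain-HTTP response
    missing-secure : cookie set over HTTPS, but the browser may replay it over HTTP
    missing-hsts   : HTTPS response does not pin the browser to HTTPS
    """
    https = urlsplit(url).scheme == "https"
    findings = []
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not https:
            findings.append((name, "sent-in-clear"))
        elif "secure" not in attrs:
            findings.append((name, "missing-secure"))
    has_hsts = any(k.lower() == "strict-transport-security" for k, _ in headers)
    if https and not has_hsts:
        findings.append(("*", "missing-hsts"))
    return findings


# Constructed samples: an encrypted login whose cookie is not tied to HTTPS,
# the same login hardened, and an ordinary page served over plain HTTP.
LOGIN_WEAK = ("https://example.test/login",
              [("Set-Cookie", "session=constructed123; Path=/")])
LOGIN_HARDENED = ("https://example.test/login",
                  [("Strict-Transport-Security", "max-age=31536000"),
                   ("Set-Cookie", "session=constructed123; Path=/; Secure; HttpOnly")])
PLAIN_PAGE = ("http://example.test/home",
              [("Set-Cookie", "session=constructed123; Path=/")])

if __name__ == "__main__":
    for url, headers in (LOGIN_WEAK, LOGIN_HARDENED, PLAIN_PAGE):
        print(url, audit_response(url, headers) or "ok")
```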

Today at Toorcon 12 I announced the release of Firesheep, a Firefox extension designed to demonstrate just how serious this problem is.

After installing the extension you’ll see a new sidebar. Connect to any busy open wifi network and click the big “Start Capturing” button. Then wait.

As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed:

Double-click on someone, and you’re instantly logged in as them.

All of your Facebook are belong to us.


That’s it.

Firesheep is free, open source, and is available now for Mac OS X and Windows. Linux support is on the way.

Websites have a responsibility to protect the people who depend on their services. They’ve been ignoring this responsibility for too long, and it’s time for everyone to demand a more secure web. My hope is that Firesheep will help the users win.

Some are advocating using the Force-TLS Firefox add-on to prevent being hijacked on unsecured connections. But read the reviews first. Some people have noted some issues. Another is HTTPS Everywhere, which is currently in beta. I didn’t provide a link because I believe you should wait until it hits the street in full running gear before trying it.

The simplest way is to avoid social networking when on an unsecured connection.

The practice is known as session hijacking; if you’d like more information on how the code works, check out this post on Firesheep’s technical details.

A virtual private network (VPN) is the easiest way (other than avoiding unsecured Wi-Fi altogether) to protect yourself from a Firesheep-powered attack.

VPNs create a private tunnel through the public network, protecting the user from any prying eyes (or packet sniffers) on his way from destination to destination online.

VPNs were used a lot during the Iranian election and protests; they’re also used a lot in China and in other areas where access to the Internet is restricted.

Another group that uses VPNs frequently is corporations. Employees often need a safe way to access very private and sensitive information from a public network; VPNs provide security and access. (For more information on corporate use of VPNs, check out this HowStuffWorks article.)

The downside of using a VPN is that you may notice a drop in your connection speed. You might also have to pay for your secure Internet access.

The upside, with specific regard to Firesheep, is that you can sit elbow-to-elbow with a black hat hacker in a coffee shop and know that your data is safely encrypted.

Anon /i/e – http://anonie.tk


From D/i/g/i/tal Vom/i/t comes Anon /i/e. I have decided that rather than focusing on internet culture, the main focus of this blog will be privacy and anonymity. Though internet culture will still be a major part of Anon /i/e, the majority of content will center around information found at insurgency wikis and obtaining and maintaining security and anonymity. Whether online anonymity is needed for the information you share, out of paranoia, participation in Hacktivism, to cover your tracks, or facilitation of illegal activity, Anon /i/e will be a simple source of information. As a supporter of online privacy, a supporter of Anonymous Hacktivism, the free share of information, Open Source software, and Anti-ACTA groups, Privacy and Anonymity is important to me. Though I currently have not achieved total online anonymity, I will share information about the task at hand.

Concerning the blog itself, I will be playing with features of the WordPress hosting, adding and removing pages and links, experimenting with themes, considering hosting and a domain, and looking for authors. The site will grow and change. I am happy to see that over the period of time I was not posting there were still regular readers. I certainly encourage you, if you like the content provided here, or wish to use it as reference, please share this blog with online communities, IRL friends, and keep checking back for new happenings. Also, since I am poor, I am using a free redirection service. http://anonie.tk

A month post gap.


I am quite sorry about the month-long gap in my posting. I had a little issue with my ISP and their billing department. I also changed residences. I was hoping my supposed co-writer would fill in some content but I think sickness is removed from the project. I may consider looking for a co-blogger from some dark corner of the internets. I am also looking into a small imageboard for DV. I experimented with IB4F and my conclusion is fuck em. It’s just a fester of furry and fail. If anyone has any information on this. I have a budget of zero, need some half decent bandwidth, the software, mods, janitors etc. I’m going to work on the static pages for a little while until something interesting pops up. Check in.