background preloader

Punching holes into firewalls

Punching holes into firewalls
or "Why firewalls shouldn't be considered a ultimate weapon for network security" or "Secure TCP-into-HTTP tunnelling guide" Introduction Firewalls are heavily used to secure private networks (home or corporate). Usually, they are used to protect the network from: intrusions from outsidersmisuse from insiders In a TCP/IP environment, the typical corporate firewall configuration is to block everything (both incoming and outgoing), and give access to the internet only through a HTTP proxy. Still, this should not considered a ultimate weapon, and network administrators should not rely on the firewalls only. Encapsulation is the basis of networking. As soon as you let a single protocol out, tunelling allows to let anything go through this protocol, and thus through the firewall. This paper demonstrates how to encapsulate any TCP-based protocol (SMTP, POP3, NNTP, telnet...) into HTTP, thus bypassing the firewall protection/censorship (depending on your point of view) A word of warning: The problem Related:  hacking & cyberactivism

WikiLeaks e os conflitos no ciberespaço - Parte II 21 de dezembro de 2010 Categoria: Mundo O estabelecimento do ciberespaço como uma dimensão da guerra abre a possibilidade de uma ofensiva militar contra a rede. Por Passa Palavra Leia aqui a primeira parte deste artigo. 4. Soldado de Bronze, em Tallinn (2006) Depois da terra, oceano, ar e espaço, o ciberespaço passou a ser considerado um novo campo de guerra pelos militares. Em maio, um mês após a onda de ataques, as investigações rastrearam que esses ataques partiram da Rússia. Uma situação similar e paralela ocorreu ainda em 2008, quando a Rússia entrou em guerra contra a Geórgia e os sites do governo e da mídia desse país também foram atacados. De acordo com as investigações realizadas, ambos ataques foram organizados por russos utilizando Botnets [12]. Desde 2008, a OTAN mantém o Cooperative Cyber Defence Centre of Excellence (CCDCOE) em Tallinn, na Estônia. QG da NSA – Forte Meade, Maryland. Quatro meses antes do Cable Gate, um colunista convidado pelo Washington Post, Marc A. 5.

WikiLeaks e os conflitos no ciberespaço - Parte I 19 de dezembro de 2010 Categoria: Mundo A revelação de documentos secretos da diplomacia dos Estados Unidos abre uma batalha pela liberdade da informação. Por Passa Palavra 1. Introdução Desde o início de 2010, o governo dos Estados Unidos está sofrendo os maiores vazamentos de informação [revelação de segredos] da sua história. O Cable Gate reúne 251.287 documentos das representações diplomáticas norte-americanas do mundo inteiro. Outra diferença a ser notada é que desde o Diário de Guerra do Afeganistão, o WikiLeaks estabeleceu uma parceria com a mídia tradicional, como El País (Espanha), The Guardian (Grã-Bretanha), Der Spiegel (Alemanha), New York Times (Estados Unidos) e, no Brasil, com a Folha de S. No dia 22 de novembro, no twitter, o WikiLeaks avisou que começaria a vazar os arquivos em breve. A suposta fonte de todo esse material é o militar de Primeira Classe Bradley Manning, 23 anos. 3. A exposição e personalização foi direcionada enquanto estratégia de defesa.

Brasil está entre os menos preparados contra hackers - Economia O Brasil foi apontado como um dos países menos preparados para ataques cibernéticos em um ranking de 23 nações presente em um recém divulgado estudo produzido pelo centro de pesquisas belga Security Defense Agenda (SDA) e pela empresa de antivírus McAfee. Dos países analisados pelo estudo, nenhum obteve a nota máxima (5) de total prontidão contra ataques virtuais. O Brasil teve nota 2,5, ao lado de Índia e Romênia, ficando à frente apenas do México. Os mais bem-colocados no ranking são Israel, Finlândia e Suécia, com nota 4,5. "A infraestrutura e tecnologia (de segurança cibernética) na América Latina e Caribe tende a estar desatualizada, e esse ainda é o caso no Brasil", diz o capítulo sobre o país. "Até agora, a corrupção policial e a falta de legislação para combater crimes cibernéticos constituem o calcanhar de Aquiles do Brasil. Exemplos de ataques estão ocorrendo nesta semana, quando hackers brasileiros estão alvejando sites de bancos. 'Hackers em vantagem' Compartilhar informações

UPDATE 2-FBI arrests 14 in probe of hacker group Anonymous Empty suit: the chaotic way Anonymous makes decisions On February 16, the freewheeling hacker collective decided to take on the Kansas-based Westboro Baptist Church, best known for its "God Hates Fags" protests. The Anonymous hivemind, the "Voice of Free Speech & the Advocate of the People," has had enough of this sort of free speech and has decided to fight the church's "assembly of graceless sociopaths and maniacal chauvinists & religious zealots" who issue "venomous statements of hatred." The manifesto contains the trademark Anonymous prose style, one that might be summed up with the words "florid bombasticism." And it closes with the typical Anonymous threats, which drinks deep from the wells of prophetic denunciation literature—combined with a splash of The Matrix. But did Anonymous really write this? Within days, other Anons were backing away from the idea of going after Westboro, even as the church tried to taunt them into action. The art of trolling Westboro asks Anonymous to "BRING IT!" Productive chaos? We are Anonymous.

The darkness at the heart of Anonymous | Technology Louise Mensch, the Conservative MP, didn't react as perhaps the sender of the threatening email she received on Monday had hoped. She came out swinging - as anyone who knows her even a little might have been able to predict. "Had some morons from Anonymous/LulzSec threaten my children via email. As I'm in the States, be good … to have somebody from the UK police advise me where I should forward the email," she tweeted. And then followed up by refusing to be cowed: " I'm posting it on Twitter because they threatened me telling me to get off Twitter. Hi kids! Sticking two fingers up at Anonymous might have drawn some gasps a while back. Departing now As one departing member posted on Pastebin (the favoured site for declarations relating to the group): "Anonymous fights for freedom, you don't like people controlling you, that is admirable. And here's another (I've tweaked his Capitals For Every Word style): Or another, from "cornfog": The fun may have stopped, though. Who's snitching on whom?

WikiLeaks: Anonymous hierarchy emerges | Media They were described as a leaderless, anarchic group of "hacktivists" who briefly brought down MasterCard, Visa and PayPal after those companies cut off financial services to WikiLeaks. But inside Anonymous, the Guardian has found that the organisation is more hierarchical – with a hidden cabal of around a dozen highly skilled hackers co-ordinating attacks across the web. The secretive group that directs the Anonymous network was also behind the assault on the Gawker websites in the US at the weekend, according to documents seen by the Guardian. In the last 10 days, Anonymous has also orchestrated Operation Payback, which attacked Visa, MasterCard and PayPal for cutting off financial services to WikiLeaks under pressure from the US government. Several members of Anonymous have contacted the Guardian, wanting to provide more information about their motives and how the group works. "Our project has no leader structure, only different roles. • This article was amended on 21 December 2010.

HOWTO bypass Internet Censorship, a tutorial on getting around filters and blocked ports

Related: