|
<<
^
>>
Date: 2000-03-12
Cyber Patrol Hack en Detail
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
Wie die Datenbank mit über 80.000 durch Cyber Patrol
blockierte URLS entleert und die Verschlüsselung gelnackt
wurde, ist nun in allen Details auf einer Homepage in SE
nachzulesen.
Zu sehen ist auch, was CP an ganz normalen Webinhalten
filtert - man sieht dem Blödsinn quasi ins Angesicht.
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
releayed by Peter F Bradshaw <pfb@nautronix.com.au>
via crypto@efa.org.au>
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
Let's start from the beginning. Before we even install a
product we must have some set of goals we want to achieve.
For Cyber Patrol the goal was to break the authentication
scheme and to extract the URL database, documenting the
structures in the progress, thus facilitating interoperability.
These constitute practical goals. You will also find less
pragmatic goals for the launching of an attack, such as the
inquisitive desire to learn the internals of someone else's
product, the thrill of doing something you are not supposed to
be able to do, and the recognition you might gain for being
the first one to explore unchartered territory. We can call
these goals of personal gratification. More interesting for the
majority of people are probably the political goals, to expose
any hidden agenda that might be lurking behind the product
and to fuel the discussion around it, in this case the
discussion around censorware. For us, the primary
motivation has been the possible political implications.
With the goals firmly set in mind, we begin our work to
achieve them.
3 Overview
Installation is straightforward. You will note, however, that you are not asked to supply an installation path. This is a typical example of producers taking the easy way out. Rather than going through with the little ext
ra bit of effort, they chose to take the easy route - by forcing all their customers to install the software into C:\PATROL no matter what.
Now, before we speak some more on how we can achieve our goals, let's go on a short tour of the program. For reference, here's a screenshot of the main interface. As can be seen, a large part of the main interface is devo
ted to time management. For each day in the week you can - with a 30 minute granularity - control the hours in which a user is allowed to use the Internet. You can set the maximum amount of time "online" allowed per day a
nd calendar week.
To the upper right, you'll find a panel for controlling the filters
in Cyber Patrol. It's fairly straightforward, but let's run through
the alternatives anyway.
IRC Chat Filters on keywords that are not allowed to be part
of the channel name. ChatGard Lets you specify things that
are never to be allowed to be transmitted over the Internet,
such as your address, phone number and the like. The
clipboard will be monitored too. The "Carlin-7" mentioned are
shit, piss, fuck, cunt, cocksucker, mother-fucker, and tits.
See also [ACLU96] WWW, FTP & Other This is where you
add any additional URLs you want to filter, or allow, as the
case may be. News This screen is virtually identical to the
"WWW, FTP & Other" one, but here you can define any
newsgroups you want to filter. You can also choose to apply
the IRC keyword filters to newsgroup names. Games &
Applications Here you can specify up to sixteen 16-bit
windows applications that should not be allowed to be run.
Not very useful if you're running a 32-bit operating system
though.
Die komplette Analyse
http://hem.passagen.se/eddy1/reveng/cp4/cp4break.html
-.- -.-.
Connectivity statt Isolierung
http://o5.or.at
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
edited by Harkank
published on: 2000-03-12
comments to office@quintessenz.at
subscribe Newsletter
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
<<
^
>>
|
|
|
|