Jacob Appelbaum: The American Wikileaks Hacker | Culture News | Rolling Stone
He beckons me over to one of his eight computers and presses several keys, activating Blockfinder. In less than 30 seconds, the program lists all of the Internet Protocol address allocations in the world — potentially giving him access to every computer connected to the Internet. Appelbaum decides to home in on Burma, a small country with one of the world’s most repressive regimes. He types in Burma’s two-letter country code: “mm,” for Myanmar. Blockfinder instantly starts to spit out every IP address in Burma.
Blockfinder informs Appelbaum that there are 12,284 IP addresses allocated to Burma, all of them distributed by government-run Internet-service providers. In Burma, as in many countries outside the United States, Internet access runs through the state. Appelbaum taps some keys and attempts to connect to every computer system in Burma. Only 118 of them respond. “That means almost every network in Burma is blocked from the outside world,” he says. “All but 118 of them.”
These 118 unfiltered computer systems could only belong to organizations and people to whom the government grants unfettered Internet access: trusted politicians, the upper echelons of state-run corporations, intelligence agencies.
“Now this,” Appelbaum says, “is the good part.”
He selects one of the 118 networks at random and tries to enter it. A window pops up asking for a password. Appelbaum throws back his head and screams with laughter — a gleeful, almost manic trill. The network runs on a router made by Cisco Systems and is riddled with vulnerabilities. Hacking into it will be trivial.
It’s impossible to know what’s on the other side of the password. The prime minister’s personal e-mail account? The network server of the secret police? The military junta’s central command? Whatever it is, it could soon be at Appelbaum’s fingertips.
So will he do it?
“I could,” Appelbaum says, with a smile. “But that would be illegal, wouldn’t it?”
#Google now seeing 2% #IPv6 traffic – the #Internet is changing !
Note the weekly cycle with week-end peaks: IPv6 adoption is led by home users... Enterprise environments are lagging as usual.
Bad idea: Gmail now discriminates against mail servers without an IPv6 reverse
This new gem is from the SMTP Gmail FAQ at ▻https://support.google.com/mail/answer/81126?hl=en
(Fun note: they call it the “Bulk Senders Guidelines”… hence apparently anyone running their own personal mail server falls in that category…)
“Additional guidelines for IPv6
The sending IP must have a PTR record (i.e., a reverse DNS of the sending IP) and it should match the IP obtained via the forward DNS resolution of the hostname specified in the PTR record. Otherwise, mail will be marked as spam or possibly rejected.
The sending domain should pass either SPF check or DKIM check. Otherwise, mail might be marked as spam.”
Why does #iperf's reported MTU differ from the correct one, reported by other tools using Path MTU Discovery ? “Mysterious Transfer Unit”...
Alternative to dumb port scanning, leveraging reverse DNS to discover a subnet’s IPv6 hosts. Supposes that reverse DNS is correctly configured… ▻http://www.reddit.com/r/netsec/comments/1bfu76/how_are_we_going_to_port_scan_for_open_hosts_on/c96p936
« From March to December 2012 we used [...] a distributed port scanner to scan all IPv4 addresses. These scans include service probes for the most common ports, ICMP ping, reverse DNS and SYN scans. We analyzed some of the data to get an estimation of the IP address usage. »
« All data gathered during our research is released into the public domain for further study. The full 9 TB dataset has been compressed to 565GB using ZPAQ and is available via BitTorrent. »
Do note that the machines which scanned were cracked machines and so the entire operation was probably illegal in most countries.
Very good analysis of the current situation of the #ITU after the Dubai meeting, and why the “ITU-phobia” is wrong (because the ITU is a weak dying dinosaur and certainly not the big threat so many lobbyists see).
Now watch ITU-phobia turn these drab words into a fearsome threat. A commentator on our blog who was in Dubai as part of the UK delegation writes: “5A needs to be read along with ITU Standard Y.2770 which makes it mandatory to implement deep packet inspection…to all ‘next generation networks’ which could be easily interpreted as the IPv6 network. As a standard it is far from mandatory. But 5A and 5B bring this much closer to make it mandatory – and you’ll notice that the language in Y.2770 is very close to the language of 5A and 5B.”
There are so many irrational leaps of logic in this statement it is hard to know where to begin. The author of that comment is implying that ITR section 5A must be read in conjunction with an ITU-T standard that he has picked arbitrarily out of the air, a standard not mentioned anywhere in the ITRs and not mentioned in any of the discussions of 5A. The section 5A does not mention the Internet, IPv6, NGNs or DPI, yet this person believes that it could be “easily interpreted” to REQUIRE the use of DPI in IPv6 networks. And when one points out this huge gap between what is actually in the ITRs and what they are contending it would do, the response is filled with dark warnings about “the power of general language” and how the evil demons at the ITU will be able to stretch whatever language is in their to suit their purposes.
Ah, le pouvoir des grandes « notions générales » ! ça me rappelle des passages de la Démocratie en Amérique de Tocqueville.
60 % des noms de domaine .fr sont compatibles #IPv6, une hausse de 19 points ! Découvrez le chiffre clé de novembre de la nouvelle édition en ligne de l’Observatoire 2012 du marché des noms de domaine en France !
60% of .fr domain names are IPv6 compliant, an increase of 19 points in one year ! Discover the November key figure of the new online edition of the Report 2012 of the French #Domain Name Industry !
How to maintain reliable IPv6 in IPv4 tunnel connectivity when your Internet access provider inflicts a dynamic IPv4 address on you: ▻http://serendipity.ruwenzori.net/index.php/2012/06/06/how-to-maintain-reliable-ipv6-in-ipv4-tunnel-connectivity-whe
My Internet access provider has such miserable IPv4 peerings that I get better throughput using IPv6 through HurricaneElectric: http://img2.ipv6-test.com/speedtest/result/2012/05/25/2bc5203dd141ef8e64390aabb5a1cdff.png
Numericable, also known as Misericable.
Lancement de la 2ème enquête « Toile de fond technologique » #Afnic
Répondez à notre #enquete sur :
Launch of the second edition of AFNIC’s "Technology Backdrop" survey
Answer our #survey in english on :
Yes, that is one of the main points of this presentation - it also mentions RAguard (L2 Protection on the switch - RFC 6105) and SeND (RFC 3971 - secure ND using cryptography) as remedial methods. The first one is quite easy given a smart switch, but the second one is said to be very hard to deploy.
ferm is a tool to maintain complex firewalls, without having the trouble to rewrite the complex rules over and over again. ferm allows the entire firewall rule set to be stored in a separate file, and to be loaded with one command. The firewall configuration resembles structured programming-like language, which can contain levels and lists.
The Nintendo 3DS will send the Activity Log to Nintendo when the wifi is connected.
Nintendo can then choose to share your information and use it to target advertisements to you.
Worst of all, Nintendo has claimed the right to use the information they collect from your device to judge if you are allowed to continue using it.
Connexion à un serveur distant s’il a plusieurs adresses (surtout si certaines sont en #IPv4 et d’autres en #IPv6). La méthode traditionnelle est une boucle séquentielle avec timeout, insupportable si les premières adresses ne répondent pas. C’est à cause de cela que très peu de gros sites ajoutent une adresse IPv6.
Une solution possible est de tenter les connexions en parallèle. Voici une solution détaillée, avec code, en #C : ▻http://www.isc.org/community/blog/201101/how-to-connect-to-a-multi-homed-server-over-tcp