[ISN] Six/Four: The Internet Under Cover

From: InfoSec News (isnat_private)
Date: Fri Mar 07 2003 - 00:37:24 PST

  • Next message: InfoSec News: "[ISN] Unleashing the dogs of cyber-war on Iraq!"

    By Jim Rapoza
    March 6, 2003 
    The Six/Four System is peer-to-peer technology that makes it possible
    to carry out almost any Internet activity securely and -- more
    importantly, for all sorts of reasons -- anonymously. The Hacktivismo
    system, or anything based on it, just may become the Internet's next
    killer app.
    Many who will be affected by Six/Four might use the term "killer" in
    another sense of the word - from record industry executives fearing a
    file sharing network where they can't see who's sharing what, to law
    enforcement personnel tracking illegal activity, to oppressive
    governments attempting to filter information to its citizens.
    This last is the reason that Hacktivismo created Six/Four. An offshoot
    of the Cult of the Dead Cow hacker group, Hacktivismo is dedicated to
    preventing state-sponsored censorship of the Internet. It created the
    Six/Four System, which is named for the June 4, 1989, date of the
    Tiananmen Square massacre, to make it possible to access information
    anywhere on the Internet and put a big hole in things like China's
    Internet firewall.
    eWEEK Labs evaluated a beta version of the developers edition of the
    Six/Four System, which became available this week, and found that
    Hacktivismo hasn't quite achieved its goals. The peer-to-peer network,
    which relies on many node clients with some trusted peers that handle
    routing, is understandably very small right now. Also, the Six/Four
    System's capabilities are very raw.
    The main application in the beta we tested was the Web proxy. Once we
    set up Six/Four on a Red Hat Linux system, we were able to define our
    local host as a proxy in our browser, then use the Six/Four network to
    anonymously go to Web sites. The process worked much like the old
    SafeWeb site.
    This will be useful to those who want or, due to restrictive
    governments or ISPs, need to surf anonymously. However, in its current
    beta form, Six/Four will likely be too difficult for novices to
    install and use effectively.
    Web surfing just scratches the surface of Six/Four's capabilities. It
    works with any TCP or UDP application, so a large number of
    applications could use it - all it would take is a simple system call
    to make use of Six/Four with messaging, collaboration, file sharing
    and other applications.
    And that's exactly what will make Six/Four a security problem.  
    Black-hat types could use Six/Four to break into networks and systems
    without fear of being tracked.
    Six/Four does have some safeguards against such usage: Trusted peer
    administrators must apply to Hacktivismo for a certificate that client
    peer nodes will use to identify legitimate trusted peers. At that
    point, trusted peers can block specific services and protocols that
    may be used maliciously.
    The beta of the developers edition of the Six/Four System can be
    downloaded at www.hacktivismo.com. Since the application includes
    munitions-level encryption to download the code, you must first state
    that you are not in or a citizen of Cuba, Iran, Iraq, Libya, North
    Korea, Sudan or Syria.
    Also, you must select the option that says you are not on the Commerce
    Department's Denied Persons list. Finally, you must select that you
    are a certified patriot, which basically means you selected "No" for
    all of the above.
    eWEEK Labs East Coast Technical Director Jim Rapoza can be reached at 
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Mar 07 2003 - 02:59:09 PST