Domain: fondoo.net
Stories and comments across the archive that link to fondoo.net.
Comments · 7
-
Illuminati Online "Hardened" Network Services
I'll just leave this here:
http://io.fondoo.net/"Fun fact: you could telnet to password.io.com from anywhere in the world, and log on as guest. Lynx, a text-only web browser, was configured as the shell, and you would then be presented with a sparse version of the web-based customer account tools found at http://password.io.com/. This was so customers could reset their own password, update their address, set their PLAN file, etc.
IO forgot to disable browsing the filesystem (press g, period, enter). Also, IO never enforced uniform file and directory permissions or audited active accounts. As a result, through 2004, after IO was taken over by Prismnet (or later), you could roam around and directly view many customer's private files, email, and IO's sensitive system areas. You could also open the Lynx config to define a custom "editor" and thus actually edit files, or run executables. This was a direct back-door into everything! This continued a full two years after IOCOM "hardened" their network to sell network security services."
-
My Back door to the Internet
In 1994, BBSs were still the dominant experience for the common man. However, the University had a dial-up line that was configured to use a Gopher client as shell, for purposes of searching an online card catalog for one of the libraries. I found I could use the search engines of the day, Archie and Jughead (and Veronica?) to find hosts offering free access to Lynx (the text-only browser) and even Telnet "gateways". Cyberspace.com was offering free trial Unix accounts, literally with no verification. They offered Pine, storage space and plenty of other things. I could now surf the whole existing web, Gopherspace, read Usenet and download files and warez from there. Since Zmodem was borked by the Gopher client I was connected through, I couldn't download directly. So, I used Pine to re-mail them to myself at a local BBS which had a nightly UUCP connection where it exchanged email (with bangs as well as @) and updated it's select Usenet posts.
At one point, I struggled to run DOSSLIP and DOSLYNX directly on my PC, but this never compared to just using a BBS dialup program and doing things on the terminal. I still use Lynx and (Al)Pine several times a week!
Another Lynx trick came in handy 5 years later: You could telnet to password.io.com from anywhere in the world, and log on as guest. Lynx was configured as the shell, and you would then be presented with the minimalist web-based customer tools found at http://password.io.com/ to reset your password, update your address, etc. IO forgot to disable browsing the filesystem (press g, period, enter). Also, IO never enforced uniform
/home/user/ directory permissions or audited active accounts. As a result, through 2004, when IO was taken over by Prismnet (or later), you could roam around and directly view many customer's private files, email, and IO's sensitive system areas. This was a direct back-door into everything! That was a full two years after IOCOM "hardened" their network to sell network security services.The Illuminati Online website is archived by an old employee here: http://io.fondoo.net/
-
I used to work at Illuminati Online ISP
Met Steve in person, of course. Nice guy, but quiet. And his brother Ken Jackson was the owner/boss/ mgt. of note.
IO had less than 5,000 customers, less than 20 staff, and brought in about a million in revenues per year. Here's a snapshot of the ISP's web v1.0 era website:
http://fondoo.net/~io
Anyone wanna slashdot me? Would be an honor! LOL -
Improve privacy with a network of VPN tunnels
This resembles the idea used by the now-disgraced Spanish Fon wifi outfit. I was Fon's most widely read English language fan blogger at http://elfonblog.fondoo.net/ Share wifi at home, receive wifi from your community elsewhere, even abroad. Except with OWM, no money is demanded and there's no hungry octopus in the center that swipes the majority of the wealth, and maintains obstacles instead of adding real value to the system . wink
I would add at least one feature to this project. The wifi can be unencrypted. The routers should have onboard VPN servers so people using the hotspots can encrypt their wifi to protect from nearby eavesdropping. Another option would be to forward the client's VPN tunnel to another OWM router somewhere else. This obscures the user's location. There would be automatic choice of endpoint depending on load. Idle routers with no local clients would not go to waste. A vip option could be to choose where your VPN tunnel makes you appear. If you're a contributor to the project, you would be a vip+ who could also choose his own router as endpoint so he can access LAN and file shares. OWM would provide a custom VPN client that ensures that the user is not using a fake hotspot, and facilitate making the choice of where the VPN endpoint is. It would be fairly simple to build a darknet available to those using the VPN clients.
Or, the wifi could be WPA encrypted... Whisher.com (now defunct and bought by wifi.com for no purpose) was working on a replacement/enhancement to the wifi manager on your windows, mac and linux pcs. It worked just like the regular one, but it also held an encrypted database of wifi router mac addresses and WPA keys for them. It indicated when you were in range of one, and would connect you to the router with full WPA encryption - without revealing the key to you (optimally). The owner of the hotspot could open his router to all, all but those on his blacklist, or only his friends on his whitelist. Privileges could be added or revoked on the fly. You could use any router with Whisher, as the router didn't require custom firmware, your pc simply used a custom wifi mgr. So, the Whisher app acted like DRM. It also supported a darknet sort of community and chat app, but I would say it was superfluous. The custom OWM client I describe above would do what Whisher did, though Whisher did not have any anonymization features. The OWM routers could still tunnel encrypted traffic to other endpoints.
WPA is more secure in one sense, but the key database could someday be cracked. Perfect Forward Secrecy type VPN encryption (if it exists) would be more work to crack, but also a higher load on the routers. Perhaps if a trustworthy VPN company was partnered with OWM so the endpoints could be independent of the embedded router systems. Faster speeds and more choices would be available with a paid subscription (but you could use any VPN provider).
-
if you want to share your bandwidth get a Fonera
FON sell cheap routers called La Fonera with dual SSID. One is secure and for your own use, one is open and for the benefit of other people who share their bandwidth with a Fonera router. Guests who don't share their bandwidth can also connect for $3 per day. There are a few other permutations including a revenue sharing model, go read about it. Most ISPs in the UK don't let you share your bandwidth, however Fondoo.net do.
-
secure your WiFi or get a FON hotspot
which is available from http://www.fon.com/ and is basically a little WiFi router which provides two SSIDs one is for your private use and is encrypted, one is for sharing and is not encrypted but you do have to authenticate with your FON ID to use it. If you have a FON hotspot which you share for free you can use anyone elses FON hotspot for free, or if you want to charge people who don't do the same you can collect a portion of the revenue they pay to FON (they pay 3 euros or dollars and you get about 1 euro or dollar per day after tax) If you are in the UK and think that sharing your bandwidth is in breach of your ISP terms and conditions then you should check out http://www.fondoo.net/ which explicitly permits FON hotspots in the T&Cs.
-
in the UK there is an ISP that allows Fon
called http://www.fondoo.net/ it seems to have been set up on the premise of allowing users to share their connections with Fon. Pretty specialised focus for an ISP, most don't seem to let you share your connection, but they probably don't give a damn if you do. I guess if you care about doing the right thing (and want to get a FON router)then this is the ISP to go for.