Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tapping the Alpha Geek Noosphere with EtherPeg

Posted by ryuzaki0 on from the amuse-themselves-to-death dept.

tadghin writes "Rob Flickenger has an amazing take on what's happening in the wireless noosphere at the O'Reilly Emerging Technologies Conference. Rob used EtherPeg, a great Mac OS X hack that lets you see the GIFs and JPEGs flying around on the local network, to key off on an amazing visual commentary on what people were doing during Steven Johnson's keynote."

118 comments

  1. Uh-Oh by coryboehne · · Score: 0, Redundant

    Now everyone will really know what I'm looking at. hehehe

    1. Re:Uh-Oh by coryboehne · · Score: 0, Offtopic

      I would really like to know how the first post could even POSSIBLY be moderated down because it's redundant, I mean in order to be redundant there would have to be something before it, I think someone let a furbie have moderator access.

    2. Re:Uh-Oh by Anonymous Coward · · Score: 0

      There was something before it, dumbass. The article.

  2. no way!!! by SlugLord · · Score: 0

    This is impossible.... First post?! no, not likely... In any event, this seems interesting, though not particularly productive. Maybe it could be used for quick searching, because the human mind can recognize patterns faster than any computer...

  3. im suprised.. by sjwt · · Score: 0, Interesting

    Im realy suprised that this isnt
    installed in all those companys
    with the no personal web serfing/porn
    rules :)

    if you knew your bosses desktop would
    say refelct what you where surfing would
    you change?

    I sertanly would, it woudl be dilbert comics
    all the way :)

    --
    You have 5 Moderator Points!
    Which Helpless Linux zealot/MS basher do you want to mod down today?
  4. Excuse me? by Anonymous Coward · · Score: 1, Insightful

    You'd think that Slashdot, with its pro-privacy stance, would realize that something like this IS an invasion of privacy.

    I don't like the idea of people spying on me: I don't care if it's essentially harmless.

    1. Re:Excuse me? by citmanual · · Score: 1

      Uhm, doesn't this display the lack of privacy in the modern network, hence proving that more of our network traffic should be encrypted?

      Unless you call wrapping image data in a TCP/IP bundle and splitting it up into packets encryption. Hmm... Maybe this software is actually a violation of the DMCA.

    2. Re:Excuse me? by Anonymous Coward · · Score: 0

      Oh I see, so it's okay to spy on people if they aren't encrypting their traffic. I hope you remember that the next time you make a phone call. Fucking jackass.

    3. Re:Excuse me? by Anonymous Coward · · Score: 0

      They were on a PUBLIC network.

      Is it an invasion of your privacy if someone watches you get into your car? This stranger know knows your cars make, model and color, your sex, height, color, possibly your national origin, approximate weight as well as what state you live in. They might also be able to determine more about you by the way you dress and what if anything you have on your car for bumper stickers. This stranger just got a lot more information about you than they would have with EtherPEG. Will you now be a shut-in? I wouldn't bother. If someone wants to know something about you they're going to find out even if slashdot AND EtherPEG combine their evil forces. Chances are they won't though. After all... no one really cares about you. You're just another wheel in the cog. Live your life and stop your bitching.

  5. Censorship! by -brazil- · · Score: 2, Funny

    I'm not going to believe that that half-covered image in the first screenshot was the only piece of Pr0n to come up!

    --

    The illegal we do immediately. The unconstitutional takes a little longer.
    --Henry Kissinger

  6. slashdotted!!! by Anonymous Coward · · Score: 0

    no comment here

  7. what else? by morgajel · · Score: 0, Interesting

    porn. lots of porn.

    what else would they be looking at? I know that's what I'd be doing.

    --
    Looking for Book Reviews? Check out Literary Escapism.
  8. Let's hope managers/supervisors don't find this... by maddogsparky · · Score: 2
    ...or something similar for the PC. Work is already hard enough; if we don't have a little freedom of the mind and the freedom to let it wander, it stagnates. Unfortunately, a number of managers probably wouldn't see it that way if they could glimpse into the collective consciousness of their work environment.

    --
    science is a religion
  9. DriftNet by SubtleNuance · · Score: 4, Informative

    Have a look at the GPLed GNU/Linux equal -- Driftnet

    Run it on your LAN @ work for some scary results! (i shut it off after 10 minutes, after the pics of cross-dressing-victorian-era-constume-fan pics popped up *shudder*)

    1. Re:DriftNet by |<amikaze · · Score: 1

      Indeed. Driftnet works wonders!

    2. Re:DriftNet by 56ker · · Score: 2

      "after the pics of cross- dressing-victorian-era-constume-fan pics popped up" - makes me wonder what type of LAN you're running there!

      --


      Video Game cheats, hints a
  10. also see driftnet by Anonymous Coward · · Score: 0

    drifnet does about the same. It really is a nifty background for your desktop as well ;-)

  11. Ohhh the possibilities by coryboehne · · Score: 2, Funny

    I wonder what you would see with this in the average office, as the day starts I'm sure you'd get alot of /. , MSN , Yahoo , New York Times, then at lunch MapQuest maps , the occasional general interest website, then as the day closes down movie sites, more news, and of course later in the evening you can see what the cleaning crews are doing, looking at porn of course!

    1. Re:Ohhh the possibilities by proj_2501 · · Score: 2, Funny

      Actually, the only time I caught the cleaning guys on my machine at work, they were looking at stock exchanges. I logged in remotely and popped xeyes up all over the place. That was fun :)

    2. Re:Ohhh the possibilities by Grape+Shasta · · Score: 3, Funny

      So, let me get this straight... you're running an OS advanced enough to allow you to log in remotely, to see what someone else is doing, and to mess with their desktop... but you haven't figured out how to keep the janitors out yet?

      --

      "I am a cipher, a cipher, wrapped in an enigma, smothered in secret sauce" -Jimmy James
    3. Re:Ohhh the possibilities by proj_2501 · · Score: 2

      I stepped out to use the bathroom and I forgot to lock my workstation. I don't forget anymore.

    4. Re:Ohhh the possibilities by kaustik · · Score: 1

      Did you log in remotely from the bathroom, or are you one of those people who are paranoid about using a public toilet and ran home to do the job?

  12. Re:Let's hope managers/supervisors don't find this by bzzzt · · Score: 2, Informative

    Not for your manager, but already implemented on Linux:

    http://www.ex-parrot.com/~chris/driftnet/

  13. "an amazing visual commentary"... by Mike+Connell · · Score: 1, Redundant

    This is not what I call an amazing visual commentary, unless you're talking about the /. effect...

    Internal Server Error
    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, webmaster@oreillynet.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.

    --
    Tales from behind the Lagom Curtain
    1. Re:"an amazing visual commentary"... by Anonymous Coward · · Score: 0

      and anything you might have done that may have caused the error.
      i followed the heard?

    2. Re:"an amazing visual commentary"... by Anonymous Coward · · Score: 0

      "i followed the heard?"I heard from everyone that you followed the herd.

  14. Re:Awesome! by Anonymous Coward · · Score: 0

    Amadala would love Anakin's golden arm; it could double as a vibrator.

  15. Re:pr0n? by -brazil- · · Score: 1

    It certainly was. Come on, this is the internet, and those were geeks.

    --

    The illegal we do immediately. The unconstitutional takes a little longer.
    --Henry Kissinger

  16. EtherPEG by Mwongozi · · Score: 2
    EtherPEG is rather cool, downloaded onto my office Mac and saw various gifs floating past. :)

    Pity there's no Windows version - it also suffers if you're behind a switch - can't see any traffic on network segments the other side of the switch. Bummer.

    1. Re:EtherPEG by Corby911 · · Score: 1

      Sure it can! All you need is a little program that MAC address bombs the switch. Send it a few millioin MAC addresses, and (depending on the switch of course) it will most likely go into "hub" mode and start broadcasting everything across all the ports.

      Of course this will hurt network performance a bit, but c'mon - it's worth it!

      Another option would be to just not send anything out to the switch at all - since it doesn't know what's connected, the switch should try to send everything to you. I think.

      --
      Monday is a horrible way to spend 1/7 of your life.
    2. Re:EtherPEG by aderusha · · Score: 2, Informative

      most switches will only send broadcasts and unknown MACs down ports that haven't learned a MAC yet. however, most decent switches will let you turn one or more ports into monitoring ports that will recieve all packets for sniffing purposes.

    3. Re:EtherPEG by Anonymous Coward · · Score: 0

      Or the switch will go into security mode, disable your port, send a SNMP trap to the BOFH, and you will then get a visit from the Etherkiller.

      It's your choice.

  17. Slashdotted already? by Anonymous Coward · · Score: 0

    Wow, 30-or-so comments and slashdotted already. And who submitted the article? Tim O'Reilly himself. Right now, someone's crying at PR.

  18. Windows equivalent? by russx2 · · Score: 2, Funny

    Does anyone know if there's a windows port/equivalent of this software? Definitely sounds interesting to have a play with.

    I live in a Uni hall so this could effectively be what I've always been looking for - a free, dynamic, porn screensaver. Bonus :-)

    1. Re:Windows equivalent? by ChiPHeaD23 · · Score: 2, Funny

      Sounds real interesting especially if you live in a coed dorm. You just KNOW girls are having pillowfights in their rooms and have their webcams on, right?

      At least 90% of porn would have you think so :P

    2. Re:Windows equivalent? by daeley · · Score: 2

      Does anyone know if there's a windows port/equivalent of this software?

      I, a Mac OS X user, have been waiting for this day since the original Marathon came out. BWA HA HA HA HA THE POWER!!!!

      Sorry, now back to your regularly scheduled thread. LOL

      For those interested in trying it out, be sure to read the read me about chmod-ing the /dev/bpf* files. And don't forget to change them back.

      --
      I watched C-beams glitter in the dark near the Tannhauser gate.
    3. Re:Windows equivalent? by jonbrewer · · Score: 2

      God how I long to play Marathon again. Pity I have only this XP workstation now and am too poor for a Mac at home. :-(

    4. Re:Windows equivalent? by daeley · · Score: 2

      Have you heard about the Unreal Tournament Marathon mod, Marathon Resurrection?

      --
      I watched C-beams glitter in the dark near the Tannhauser gate.
  19. Linux version of EtherPeg by Anonymous Coward · · Score: 0

    Well, not quite, but it was inspired by it. See DriftNet.

    Needs GTK, libpcap.

  20. amazing. like reading the gnutella traffic by kipple · · Score: 4, Interesting

    ...more or less the content is the same, except that in the gnutella traffic there's no ads forced to appear. so basically reading the gnutella traffic flow is like watching a "live" statistic of what human beings are doing online.

    on the other hand, if you remove any porn- related keyword, probably you could reduce the traffic by a great 80%. but that's another issue (I thought of that because the 'sex' pic in the first jpeg of the article)...

    interesting though

    --
    -- There are two kind of sysadmins: Paranoids and Losers. (adapted from D. Bach)
    1. Re:amazing. like reading the gnutella traffic by walkern · · Score: 1

      I'd love to see a screensaver use this to pluck random images from the network and display them. Of course, any pr0n showing on your screensaver would only be the result of someone elses dubious work habits. I'm not sure if I could get that excuse to stick, but it might be fun trying :)

    2. Re:amazing. like reading the gnutella traffic by kipple · · Score: 2

      quite interesting idea. submit it to the creator of the tool mentioned on that site, or to the creator of driftnet (the same thing but on i386):
      you can find it here.

      maybe a pipe could be set up so that this software will write the jpeg that finds on that pipe, and the screensaver will grab them :)

      let me know if you want me to explain it to that guy [the idea is yours :) ]

      cheers

      --
      -- There are two kind of sysadmins: Paranoids and Losers. (adapted from D. Bach)
  21. EtherPEG is not Mac OS X only by tdemark · · Score: 2, Informative

    EtherPeg has classic and Mac OS X releases.

  22. Windows Anyone? by trueimage · · Score: 1

    Are there any windows programs that do this? if i weren't such a n00b i'd attempt to mess with the source but alas i wouldn't get very far. this looks cool, i need to try it on my linux box when i get home... unless someone finds a win ver :)

  23. I'm fairly stunned by shut_up_man · · Score: 1

    That none of those screengrabs had:

    1) Porn
    2) Ads, ads, ads, and more ads

    I thought I saw an obscured nipple on the first grab, but that was about it...

    1. Re:I'm fairly stunned by aderuwe · · Score: 1

      There's quite a few ads to see, but you are right about the one obscured nipple.. Such a shame.. ;)

    2. Re:I'm fairly stunned by PigleT · · Score: 1

      I saw quite a few ads - xbox included. Still surprised that there aren't more of them, though.

      --
      ~Tim
      --
      .|` Clouds cross the black moonlight,
      Rushing on down to the circle of the turn
    3. Re:I'm fairly stunned by GrenDel+Fuego · · Score: 2

      If you're in a conference room on a laptop, you can't really view much in the way of porn without people noticing. Most people wait until they're in private for stuff like that.

      The ads thing is a big curious though. I thought I saw some at least.

    4. Re:I'm fairly stunned by Anonymous Coward · · Score: 0

      heh, actually the first image has one huge shot in the back...

    5. Re:I'm fairly stunned by Anonymous Coward · · Score: 0

      shot of porn, I mean

  24. Irony by Innominate+Recreant · · Score: 2, Interesting
    Ironically, Rob Flickenger let every know what *he* was doing during Rob Johnson's keynote address as well

    Did *anyone* listen to the speech?

  25. Notice the refferences... by SkyLeach · · Score: 2

    to Goth, darkness and MSDN... I told you those blogging guys were really evil. The downward spiral obviously shows that the thin fascade of a "blogging" conference was really just a cover for the subliminal brainwashing techniques of Oreilly and his Kindom Hall lackeys.

    Down with Oreilley and their subversive book spam campaign!

    (Now go ahead and mod me into oblivion as a troll even though that was intended to be funny.)

    --
    My $0.02 will always be worth more than your â0.02, so :-p
  26. at the risk of pointing out the obvious... by BigMeanBear · · Score: 1
    You'd think that Slashdot, with its pro-privacy stance, would realize that something like this IS an invasion of privacy.
    Perhaps the point of the article was to make the very concept of unencrypted network traffic more tangible to less intelligent people.

    Erik
    --
    += E
  27. Pardon my cynicism by Innominate+Recreant · · Score: 5, Insightful
    You'd think that Slashdot, with its pro-privacy stance, would realize that something like this IS an invasion of privacy.
    An invasion of privacy on unencrypted data on a public network? And you're surprised? If you think that packets everywhere aren't being logged, sniffed, freeze-dried and reconstituted then you have a fundamental misunderstanding of how the internet actually works.

    If someone hacks my *private* network or illegally obtains my private encryption keys, then *that's* an invasion of my privacy.

    Sending or receiving unencrypted packets is like sending a postcard: it's not sealed, and it's not illegal for the letter carrier to read it. Sending an encrypted packet is like sending a letter. It's illegal for the letter carrier to open it.

    1. Re:Pardon my cynicism by stere0 · · Score: 2, Informative

      Sending or receiving unencrypted packets is like sending a postcard: it's not sealed, and it's not illegal for the letter carrier to read it.

      Where did you get that from? In most parts of the world, anything you send through the mail is private and it's illegal to read someone else's postcard. The same rule applies to the internet.

      --
      Trollem mirabilem hanc subnotationis exigiutas non caperet
    2. Re:Pardon my cynicism by alacqua · · Score: 3, Insightful
      If someone hacks my *private* network or illegally obtains my private encryption keys, then *that's* an invasion of my privacy.

      I must be missing something, because it seems to me that its an invasion of privacy either way. Just because it happens all the time and many people haven't protected themselves against, and many don't even know that they need to protect themselves against it, doesn't make it OK. Somebody straighten me out about how this is different.

      --

      Move on. There's nothing to see here.
    3. Re:Pardon my cynicism by billnapier · · Score: 3, Insightful

      You have to expect privacy to have it invaded. If you send packets across an unencrypted link, you should have no expectations of privacy, therefor there is no privacy to invade!

    4. Re:Pardon my cynicism by blaat · · Score: 2, Insightful

      See it as 2 people talking on the street about 100 feet apart on a busy day: everybody can here them.
      that's not really invading privacy.
      now, when they are close together and someone puts his head in, *that's* invading privacy ;)

    5. Re:Pardon my cynicism by Grape+Shasta · · Score: 2
      I must be missing something, because it seems to me that its an invasion of privacy either way. Just because it happens all the time and many people haven't protected themselves against, and many don't even know that they need to protect themselves against it, doesn't make it OK.

      I agree... based on that guy's logic, it's ok for someone to hop my fence, sneak into my backyard, throw my dog some meat, and peer through the crack between the curtains in my rear window, because I left the crack there. The process to put together the wireless data not meant for you is even more convoluted. Obviously noone intended to make their data public, they just wanted to have wireless access.

      --

      "I am a cipher, a cipher, wrapped in an enigma, smothered in secret sauce" -Jimmy James
    6. Re:Pardon my cynicism by benh57 · · Score: 1, Informative

      Um. You must be trolling. The internet has no "rules".

    7. Re:Pardon my cynicism by Dino · · Score: 2

      No, that would be tresspassing, silly!

      --
      That's not what I meant.
    8. Re:Pardon my cynicism by stere0 · · Score: 1

      Sorry, didn't mean to sound like I was trolling. I meant that if I started sniffing my LAN without telling my users, it'd be illegal in most parts of the world.

      Cheers.

      --
      Trollem mirabilem hanc subnotationis exigiutas non caperet
    9. Re:Pardon my cynicism by Omnifarious · · Score: 4, Insightful

      An invasion of privacy on unencrypted data on a public network? And you're surprised? If you think that packets everywhere aren't being logged, sniffed, freeze-dried and reconstituted then you have a fundamental misunderstanding of how the internet actually works.

      If someone hacks my *private* network or illegally obtains my private encryption keys, then *that's* an invasion of my privacy.

      Ahh, so a rule that isn't enforced by an architectural constraint isn't a rule at all. That means that when my fist connects with your face, it must be perfectly OK because there was nothing preventing me from doing so. That's really how your argument reads.

      Now, on the Internet, it's very hard to enforce certain kinds of laws unless you build in architectural constraints. We can have a debate as to whether or not the law should exist, given the costs of enforcing it within a certain set of architectural constraints. But, you can't argue that a law doesn't exist, or shouldn't be followed because there is no architectural constraint (actual code preventing you from doing it).

      That kind of thinking will lead to laws declaring certain architectures legal, or illegal, so it will be impossible not to follow the law because the architecture makes it impossible. The CBDTPA act and the DMCA are perfect examples. You're kind of thinking implicitly endorses the method by which they attempt to enforce the law.

      --
      Need a Python, C++, Unix, Linux develop
    10. Re:Pardon my cynicism by duffbeer703 · · Score: 4, Insightful

      So when the FBI uses carnivore to monitor email, that is not an invasion of privacy?

      If someone rifles through your garbage looking for information, that's not an invasion of privacy either, right?

      --
      Conformity is the jailer of freedom and enemy of growth. -JFK
    11. Re:Pardon my cynicism by Anonymous Coward · · Score: 0

      That depends on what you call a 'public network'. At work, at least in my office, you consent to monitoring (by the company) each time you logon. When you are hired, you sign an AUP which states that you will not sniff traffic or otherwise monitor others. Every user is then monitored by IDS sensors and proxy servers. If you sniff traffic or do not like being monitored by the company, you lose your job.

      What's my point? Just because it is unencrypted does not mean you have a right to sniff it. What was the venue for this conference (I'm too lazy to look it up)? In order to use the network, did visitors have to register? Where there a 'Terms of Use' somewhere?

      Further, I think your notion of privacy is dangerous. I fully expect my unencrypted traffic to be sniffed, but that does not make it right. Again, just because it is unencrypted does not mean you have a right to sniff it.

      And for your final point, if I can sniff your unencrypted traffic on a public network then why can't I sniff your encrypted traffic too? And certainly, if I sniff a copy, that copy is mine. Then there should be no harm in trying to break your encryption. I think you should have said "It's mathematically difficult for the letter carrier to open it."

    12. Re:Pardon my cynicism by Svartalf · · Score: 2

      Legally speaking, it's not. If it's trash, it is deemed to be of no import to you and therefore is fair game. A police officer may dig through your trash at any time and not need a warrant.

      --
      I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
    13. Re:Pardon my cynicism by SEWilco · · Score: 1
      "The internet has no "rules"."

      Gee, I really should file an RFC about that one of these days...

    14. Re:Pardon my cynicism by SEWilco · · Score: 1
      There have been many court cases about trash, but I think that generally the police are allowed to look through your trash when you leave it at the curb based on one of:
      • When you put it at the curb to be disposed of following city rules, you've given it to the city. It is legally trivial for a city police officer to be allowed to look at city property.
      • When you leave it outside your house, particularly on the city-owned boulevard, it no longer is protected by the search restrictions around your home.
      The situation can be different for non-city police, regulated investigators, or private citizens looking at the trash. For that matter, citizens do get prosecuted for stealing trash or recyclables based on their value to the city (even the worst trash can be of value when the city has a compost heap or requirement to incinerate a certain percentage of waste).
    15. Re:Pardon my cynicism by billnapier · · Score: 2

      FBI: Different rules apply when its a police agency. Since they have the power to arrest and imprison me, they have restrictions placed on how they can search.

      Garbage: Why do you think I have a shredder? I have no expectations that my garbage is private.

    16. Re:Pardon my cynicism by Grape+Shasta · · Score: 2

      Yes, legally it's different, but morally speaking it feels about the same, to me.

      --

      "I am a cipher, a cipher, wrapped in an enigma, smothered in secret sauce" -Jimmy James
    17. Re:Pardon my cynicism by Anonymous Coward · · Score: 0

      Sending in the clear would be akin to mailing a letter. Sending encrypted would be akin to mailing a suitcase with a combination lock.

      I suppose you're one of these idiots that feels it is his god given right to read everyone's email if its not encrypted too. Which is also strictly not legal. Which proves my point again.

      Get your analogies straight or shut up.

    18. Re:Pardon my cynicism by jagripino · · Score: 1

      Etherpeg or Driftnet are not hacking your privacy, in the strict sense: they're hacking your expected privacy, which is a different thing.

      You'd expect people to see what you are browsing by looking over your shoulder, not by sniffing your packets. Is it rude? Yes. Unethical? Maybe. I wouldn't do it.

      That is NOT different from, say, a sysadmin checking the proxy cache dir for pics/sites the users might be visiting. As a sysadmin, I believe I had the right to look at that data only when needed, say, if I need to find a file which is fscking my cache. Otherwise, it's hands off for me. My users EXPECT me not to follow what they are doing.

      Also, what these tools do is nothing new. I saw a demo of a Computer Associates product (sorry, can't remember the name) which goes even further, reconstructing the entire web page a given user is viewing.

    19. Re:Pardon my cynicism by gerardrj · · Score: 1

      Ignorance of the laws is not a valid defense, not for criminals OR those who think their privacy is being invaded.

      There are several standards for determining privacy in both real-life interaction and on-line interaction. People seem to be mixing these several definitions together in these arguments.

      The law in most any case I recall requires the person expecting privacy to take some clear action to request/achieve that privacy from private entities. Remember, the US Consitution's 4th amendment is written as to, and usually interprited as to restrict invasion of person and privacy by Government entities, not private entities. It takes extral Federal, State and local laws to provide the same protections from individuals. So remember: in the US you have no inherent right to privacy: you have the right to privacy in your private home/posessions from Governement entities (unless they shoe probable cause under oath to a court of law). Step outside and all bets are off.

      For example:
      The peeking in the window thing. If the bakcyard has no fence, and no signage, then yes... the person MAY enter your yard, feed your dog and perhaps peer in your window without violating any laws. The peering MAY be limited/restricted by some laws, but most peeping tom laws I've seen require a tresspass, which this Hypothetical Situation(tm) does not have. IF the yard where fenced, or signed then the whole thing would be a tresspass/invasion of privacy. In most places standing in the street and looking in windows is NOT illegal. There is no tresspass, and there should be no assumption of privacy if one can easily see the interior of the house from a public area. Laws also state that there is not reasonable expectation of privacy in a public place.

      On-line should be held to the same restritcitons/rules. In this case it seems easy to understand that the network was not encrypted/restricted and that MANY people could access it freely. This seems to meet the definition of a public place. Packet sniffing on this network would be no more illegal than looking in to the cars passing you on the roadway, listening to a conversation between people your sitting near in the mall, etc.

      For clarification, a Public Space is generally any place that can be accessed without restriciton, membership or fee by the general public. So a Shopping mall's storefront areas are a public space (though still private property), the hallways that have closed doors and are marked "employees only" are not, even if the doors are not locked. An Interstate highway is usually a public space, the sections that are limited access toll-road would not be a public space even though they may be public property.

      --
      Article X: The powers not delegated... by the Constitution...are reserved...to the people
    20. Re:Pardon my cynicism by Anonymous Coward · · Score: 0

      hmm, 802.11 is pretty damn unencrypted - no wiretap even required. in this case it's more like: if someone listens to you shouting out the window to someone, that's certainly not an invasion of privacy!

    21. Re:Pardon my cynicism by hkhanna · · Score: 1

      Sending an encrypted packet is like sending a letter. It's illegal for the letter carrier to open it.

      Maybe that's one of the arguments they used to pass the DMCA. I mean, hey, if encrypted information is like a letter, then why should it be legal for anyone to open the letter (break the encryption) other than whom it was intended for?
      ... Or maybe I'm just on crack.

      Hargun

      --

      Think nothing is impossible? Try slamming a revolving door.
    22. Re:Pardon my cynicism by Alsee · · Score: 2

      Ahh, so a rule that isn't enforced by an architectural constraint isn't a rule at all.

      No. It's all about the definition of "reasonable expectation". The courts ruled that a postcard has no reasonable expectation of privacy, but that an envelope does.

      The simple fact is that many people have the capability and perfectly good reasons for seeing the data on their network. Just like you can't blame the postal worker when your postcard crosses their vision.

      The fact is the data can reasonably be seen by others. Therefore no reasonable expectation of privacy can or should exist. Encryption can create a reasonable expectation.

      Someone else pointed up this sounds line a pro-DMCA argument. It isn't. When a company sells me something, I can't believe they could have any reasonable expectation of privacy in the contents of my purchase.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  28. Slashdotted, here's a copy by stere0 · · Score: 5, Informative

    Note: the server is apparently still able to serve the images. Click on the links!

    Tapping the alpha geek noosphere with EtherPEG

    by Rob Flickenger
    May. 15, 2002

    So there I was at ETech, sitting in the back of the Emergence discussion, listening to Rael Dornfest, Cory Doctorow, Clay Shirky, and other extraordinary blogging minds thought about the blogging world.

    I was thoroughly enjoying the discussion, but I had to wonder, how were the other 200 people in the room reacting to the proceedings? Response seemed very favorable, but I did see quite a few faces staring down, with accompanying tell-tale key clicks buzzing about the room.

    If only there were some way of getting into the collective stream-of-consciousness of the crowd, to gauge their actual reactions to what was really going on up on stage...

    If you've never heard of EtherPEG, its a Mac hack that's been around for a while that combines all of the modern conveniences of a packet sniffer with the good old-fashioned friendliness of a graphics rendering library, to show you whatever GIFs and JPEGs are flying around on your network. It's sort of a real-time meta browser that dynamically builds a view of other people's browsers, built up as other people look around online.

    The effect was staggering. As I expected, traffic was very light at the beginning (a couple of big news and blog sites were obvious, and strangely enough, the Microsoft Developer's Network.) But as the talk continued, some people were obviously letting their minds (and their fingers) wander...

    Early traffic showed a very wandering bent.

    I was impressed that when Tim O'Reilly stood up to ask about whether bloggers were building a city or living in their own ghetto, virtually all traffic stopped. Evidently, this was something that almost everybody in the room was interested in listening to. And once Tim sat down again, the pixels began to flow once more.

    After a little while, the atmosphere took on a bit of a dark turn. Lots of images of law enforcement agency websites, some american flags with an angry eagle bursting through, and possibly darkest of all, a Britney Spears fan site. The theme continued as Clay Shirky was discussing "maps and non-player characters" and the downward gothic spiral expanded...

    Further down the spiral

    It became obvious that the crowd could be viewed as a living organism, with its own cycles of activity and rest. The chaotic effect of random images plastering themselves on my screen gave me a unique point of view-- it was a sort of mental feedback (much like audio feedback, even with the accompanying headache, only this headache was in some bizarre fourth dimension.)

    The End

    By the end, the dark forces had definitely descended. I was treading on some very dark back waters of the collective geek subconscious... Think Evil Dead and PDAs in Washington DC. I had definitely descended into a sort of techno hell, the sixth circle of hades, where the damned are only given t-shirts after they listen to a short marketing presentation.

    EtherPEG isn't for the faint of heart, especially at a technical conference. The gentleman sitting next to me leaned over and inquired about how he could prevent me from watching his traffic... The technical answer is easy: run application layer encryption (ssh tunneling, vtun, ipsec, pptp) to a point outside of the wireless, and then your traffic will at least be protected from neighboring wireless eavesdroppers. But the philosophical answer is much simpler: I have stared at the sun, and for the sake of my sanity, will never again look directly at the consciousness of the online ueber-geek collective.

    Unless I really want to...

    Rob Flickenger is the O'Reilly Network's Systems Administrator

    --
    Trollem mirabilem hanc subnotationis exigiutas non caperet
  29. Using grab for screenshots? by stere0 · · Score: 1

    I know this is completely off-topic, but thought this would probably interest some people.

    Rob uses Grab for screenshots. On Mac OS, you can use apple-shift-3 to take a screenshot, apple-shift-4 if you just need a part. There are more shortcuts here, put that page in your bookmarks!

    --
    Trollem mirabilem hanc subnotationis exigiutas non caperet
  30. PNG Support? by Anonymous Coward · · Score: 0

    Well, I had to ask. It's an awesome graphics format.

    Why the hell aren't people using it, yet? It's smaller than gif and doesn't have those messy patent issue... AND 24-bit png transparency rules!

  31. switched networks by Hecubas · · Score: 1

    Um, switched networks anyone? Great, now I can see all the images that my system is pulling in off the web.

    Whee!

    --
    Hecubas
  32. Simple response to privacy concerns. by lfourrier · · Score: 1

    It's easy : when at a conference, be polite, listen, don't surf.

  33. surprised? or naive? by greensquare · · Score: 1, Insightful

    What makes you think it isn't?

  34. Just because it's unencrypted doesn't mean ... by jackDuhRipper · · Score: 4, Insightful

    it's not private.

    The EtherPeg stuff is all in good fun, especially where the people knew they were being sniffed, BUT ...

    Would you also say that it's OK for me to walk around with my 900MHz radio receiver and listen to peoples cordless phonecalls? They're not encrypted; are they private in your estimation?

    Can I intercept cell calls?

    How about screen RF from folks' ATM transactions (the bank kind)?

    None of these are encrypted, but all of them are private by most reasonable standards.

    1. Re:Just because it's unencrypted doesn't mean ... by ethereal · · Score: 1

      Actually, by a reasonable standard those are not private. If you send unencrypted information out to all and sundry, you can't complain if some of us happen to read and understand it. It is not "reasonable" by any stretch of the imagination to imagine that you can bombard the world with signal and expect the world to keep the secret, any more than if you were to write your private diary in 6-inch type on your front lawn.

      Unfortunately, the legislature and the courts, not understanding the technology involved, have not based the law upon a reasonable standard. Instead, we have laws that pretend to preserve privacy but instead just give the illusion of that protection. Really, those laws are worse than nothing, since people think their unencrypted transmissions are "secure". If the law described the truth of the matter more clearly, everybody would use encryption, and they would have real security.

      You can call it "private" and "reasonable", but as long as I can sit out in my garage and listen in without anyone ever being able to tell that I did so, then it ain't private and you have no real expectation of privacy.

      Note: not that I'd do that, but there's no reason I couldn't. Or that your neighbor couldn't, to be more exact.

      --

      Your right to not believe: Americans United for Separation of Church and

    2. Re:Just because it's unencrypted doesn't mean ... by matthewcraig · · Score: 1

      This coming from someone with a user name of "ethereal". Is there a direct or just ideological link from your name to the network sniffer package "ethereal"?

    3. Re:Just because it's unencrypted doesn't mean ... by ethereal · · Score: 1

      Totally random - I just liked the name, and have no relation with that project (in fact, I'd never heard of it when I picked the name). I don't speak for them, etc., etc.

      --

      Your right to not believe: Americans United for Separation of Church and

  35. not entirely convinced by sbuckhopper · · Score: 3, Interesting

    I'm not entirely convinced by this article.

    Okay, I guess we kind of have to take the guy's word for it, but he may also be trying to get a rise. When I look at the three collages that we've been presented with here, it seems to me that he tried to put the most shocking pictures up front of what we would be most thrown off by (except for the pr0n of course), and then hide all of the pictures of people who may have been searching on things relevant to the talk in the back of the pictures.

    As a systems/security administrator, I am not convinced that a large majority of the images snarfed here didn't have at least something to do with subject at hand and could have come from people that were legitamately trying to look up more information on what was being said. After all, what I could make out of the half to three-quarter covered pictures was that they were either typical web-adds or pictures from the O'Reilly web site.

    I would want to see all of the pictures to be totally convinced that everyone was doing time-killing browsing.

    --
    "Everybody knows the moon's made of cheese," Wallace.
    1. Re:not entirely convinced by russx2 · · Score: 1

      And is it me or do these supposed 'image sniffs' (for want of a better description!) seem to have been faked?

      Now I'm not one for conspiracy theorys but the images include such things as menu bars and drop down dialog boxes. Now I'm not entirely sure but this program basically sniffs network traffic like any other sniffer until it recognises an image format, correct? Well if that is true, how can he/anyone explain the drop down menus etc. Surely they're rendered by whatever OS!

      Maybe it's just me...

  36. Private vs. Abile to Be Heard/Seen by jackDuhRipper · · Score: 2

    You can call it "private" and "reasonable",
    but as long as I can sit out in my garage and listen in
    without anyone ever being able to tell that I did so,
    then it ain't private and you have
    no real expectation of privacy.
    You make decent points, but you still seem to confuse your ability to see or hear my doings with the private nature of my doings themselves. This i agrue, is a slippery slope ...

    If you're on your garage listening in to me in my backyard, the problem is not my unreasonable / ignorant expectation of privacy, it's THAT YOU'RE LISTENING TO ME AND INVADING MY PRIVACY.

    The slipperiness of the slope comes in where you say "I can listen in, easily, to you, so you therefore cannot expect what you're doing to be private."

    So, if you had a machine available to you that decrypted all SSH traffic on a subnet you specified, without you or it breaking a sweat, does this mean it's unreasonable of me to think my SSH session is private?

    Extreme, yes - but it's precisely the same point.

    1. Re:Private vs. Abile to Be Heard/Seen by ethereal · · Score: 1

      I think my point is that if you're broadcasting something, then you have to take extra steps to make sure that someone doesn't intercept it, including encryption, frequency hopping, etc. It's not me "invading" anything if you're sending me the radio waves in the first place, any more than I would be trespassing if you started heaving bricks over your fence :)

      Now, if you're having a quiet conversation inside your house, and I have to hook up a parabolic mic or a laser listening device in order to figure out what's going on in there, then I think there's a little better argument for me actually doing some "invading".

      The bottom line is: you should have more of an expectation of privacy if you're doing things that would reasonably ensure that privacy. For example, holding the conversation indoors, speaking in a low voice, etc. If you are using a broadcast medium for communications that is known to be easily interceptible, then in order to receive the same expectation of privacy I think you should need to take further steps to ensure that privacy, like using encryption, etc.

      It's a good question - if I could easily crack any crypto, would you still have an expectation of privacy? I think that if the crypto hole is well-known, then you probably have no expectation of privacy if you persist in using it (for example, the original Wi-Fi crypto that was shown to not be fairly secure). But it's reasonable to say that if nobody knew that it was breakable (for example - if I figure out a gaping hole in AES this morning that nobody else has seen), then people that still use it had some expectation of privacy (at least as much expectation as one can have when using a public broadcast medium).

      It's still a judgement call, I agree, but the judgement should take into account the true security (or lack thereof) of current communications systems. Right now the assumption seems to be that any RF communication is private, which is a poor assumption.

      --

      Your right to not believe: Americans United for Separation of Church and

  37. umm wireless anyone by johnjones · · Score: 2

    read it(the article) people accept what they get given at a conf and this guy set it up

    I would be amused if I could see what other people where doodling

    regards
    john jones

    p.s. laptops are easy to clone all they do is put it through a Xray machine take a good look at it then ask them to unpack it then put it back through Xray machine, hold image on screen Xray off hidden compartment opens remove hddrive replaces it or clones depending on risk and then sends person on way ..... detailed in MI5 docs

  38. Re:Let's hope managers/supervisors don't find this by Indiana · · Score: 2, Informative

    Managers already do this. Many companies put all their employees on web proxies for exactly this reason. I have friends that work in large companies where it is a known fact that managers review

    1) Page views
    2) Attempts to view blocked pages
    3) Email with questionable content
    4) Usage statistics on mail servers

    As a result, I've helped those friends use web proxies and and SSL to add privacy to their workstations. putty port forwarding and a remotely running squid are their best worktime friends.

    --
    "The explanatory command for unix is man." Chauvinism or bitter irony? Discuss.....
  39. Not analogous. by Svartalf · · Score: 2

    "So, if you had a machine available to you that decrypted all SSH traffic on a subnet you specified, without you or it breaking a sweat, does this mean it's unreasonable of me to think my SSH session..."

    Actually, it would be reasonable of you to view it as private- because you took some sort of measures to ensure it was not directly visible, you encrypted it with something. Doesn't matter if you use IDEA or a Captain Crunch decoder ring- you have some reasonable understanding that it's supposed to be private between you and those you're communicating with. Just because you can unpack it without effort means little in regards to privacy- you took some measures to obscure your communications so that they'd be private.

    If you take no precautions, it becomes much more of a grey area. A telephone conversation (not mobile) could be deemed as private because under normal circumstances, only the people involved in the conversation could really be listening (normal, being not wiretapped, etc.). A typical mobile phone conversation, however, is much more analogous to a CB channel or you shouting your head off in your house with the windows open than a standard telephone conversation (No matter how much the mobile companies want you to think of it like a magic phone, it's still more of a radio than a phone in almost every sense of it's operation.). In that case, no real measures have been taken by anyone to obscure the content of the conversation going on over the airwaves.

    There is no assurances of privacy involved in either of those cases, and unless you're using a digital spread spectrum phone (something making the session more resemble a wireline conversation- tougher but still not really obscuring it in a way that can't be snooped...) or encrypting it (preferably both in light of the previous aside...) you're operating under conditions not unlike the CB situation- whether you realize it or not. Ignorance of the conditions you're operating under doesn't make it any more a privacy protected situation.

    --
    I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
    1. Re:Not analogous. by atomic+brainslide · · Score: 1

      if i didn't know better i'd say you were arguing for the DMCA.

      whoa.

      --
      check out my comic: Essential Tremors
  40. switched networks not a problem... by osjedi · · Score: 1

    Run the linux equivalent (Driftnet) in a remote x-session on your linux gateway (w/ dislplay on your local desktop of course). You'll catch all the traffic. ;)

    --
    -=-=-=-=- osjedi uses Debian GNU/Linux. -=-=-=-=-
  41. It is, at my company. by ThwartedEfforts · · Score: 2, Interesting

    I'm using driftnet though, not EtherPeg, since I don't have OSX. The machine sits out on the floor where everyone can see all the images that are being downloaded. Few people go to non-work related sites now, even though it doesn't say which computer the image came from.

  42. Some more points. by npsimons · · Score: 1
    If someone hacks my *private* network or illegally obtains my private encryption keys, then *that's* an invasion of my privacy.

    Sending or receiving unencrypted packets is like sending a postcard: it's not sealed, and it's not illegal for the letter carrier to read it. Sending an encrypted packet is like sending a letter. It's illegal for the letter carrier to open it.


    Pardon my cynicism, but how far do you think you'd get in a case brought against the US government if you just happened to catch them sniffing packets on your so called "private" network?


    I've long believed that on the 'net, there is no law. You want privacy/security, you use the highest encryption available. It then is no longer a question of whether it is illegal or not, it becomes a question of whether or not it's possible to crack it. A "technical solution to a social problem" if you will. The law can go fuck itself at that point.

    --
    Nathan's blog
  43. it sort of exists by Chaostrophy · · Score: 2

    Xscreensaver has a package called webcolage, it grabs images at random off the internet, I supose hacking how it gets the images would be easy enough.

    --
    Plato seems wrong to me today
  44. Use arpspoof by engine+matrix · · Score: 1

    arpspoof from the dsniff package should allow you to sniff on a switched network (provided that your machine is on the same subnet). arpspoof fakes the target machine into thinking that you are the default gateway. the target machine's packets are then forwarded to you where you pass them on (via kernel level ip forwarding or fragroute) to the real default gateway. http://www.monkey.org/~dugsong/dsniff/

  45. Like Ozymandias Watching TV... by jgro · · Score: 1


    ..as the "transdimensional tear" takes place in Watchmen . If memory serves, he samples dozens of TV stations to update his investment portfolio in real-time.

    Interesting thing would be see how the patterns change as more and more people became aware of the sampling.

    --
    Vulgo enim dicitur, iucundi acti labores.
  46. Re:Let's hope managers/supervisors don't find this by poot_rootbeer · · Score: 2


    Snooping on your employees is a terrible policy, even putting aside the obvious point that employees have less trust for employers who don't trust them.

    How much time do these managers spend on making sure the minions aren't doing anything non-work-related? Wouldn't the managers' time be better spent MANAGING?

  47. Re:Let's hope managers/supervisors don't find this by jonbrewer · · Score: 2

    What more frequently happens is that traffic is monitored until a complaint arises or the boss needs an excuse to get rid of the employee. Having set up such systems for companies, I know. They don't want to know what their employees are doing online unless it is affecting their work or their coworkers.