Slashdot Mirror
Triangle Boy Lives
mlinksva writes: "Safeweb cancelled their free service late last year, but their P2P anonymizing proxy, Triangle Boy, has been spotted in the wild (south of Fort Worth, Texas). 'Because of its stealth nature, the P2P software does not show up in reports from many filtering products and the administrator doesn't even know the problem exists and has no way to check it.'(via UniteTheCows)."
Orange, Calif.-based 8e6 Technologies helped conduct the tests.
"The results were startling," said Chad Ingram, network technician at Crowley. "The only filter we tested that stopped Triangle Boy use was the 8e6 Technologies R2000. Then, using the 8e6 Enterprise Reporter, we took a look at the logs to see if we actually had users trying to contact the Triangle Boy network. We found that in the first 48 hours, users had gone to the primary Triangle Boy Website over 30 separate times."
Fucking fancy that! The only way to detect this evil P2P software is to use this peice of software. Of course is just so happens that the people who discovered the shocking truth also sell that product.
It must be the wildest fucking coincedence in the history of computing.
"The school said it is now adjusting its network to detect Triangle Boy and other similar applications." What if anything about this software will keep it from being filtered in the next revisions of filtering software?
The same function as Triangle Boy can easily be duplicated by anyone with a linux box on a permanent Internet connection. Just set up an HTTPS squid proxy.
Clever users will also note that you can tunnel this over just about any port you want. Make this an encrypted tunnel and no filter in the world will detect it. If your school/network allows even a single TCP port out to the Internet you can do this. (Some places allow arbitrary TCP ports to be forwarded via the HTTP proxy. Other places may have a SOCKS or similar proxy available. Those would both work for this in the event all direct connections are blocked.)
I do miss Safeweb. That open proxy was very helpful for casual browsing. The closest non-open substitute I've found is http://www.anonymizer.com.
Sya, which company was it again? This Triangle Boy is surely a threat to my network security! I must go and by the only firewall product that can block this terrorist menace!
Not only do they get their press release on siliconvalley.internet.com, they get a free ad on Slashdot too!
I personally have been in a University which performed heavy filtering, and even worked in the IT department of the school. I do not have a problem with blocking or lowering priority for certain p2p apps such as Napster (back in the day), kazaa, etc. I do however have a major problem with filtering web access. While p2p is a major problem in terms of bandwidth and is clearly not for academic purposes (the vast majority of the time), many blocked websites are quite useful for academic purposes. As an example, my school blocked the Google cache and pretty much all translation sites, because they could be "used to access pornographic content" (not neccessarily images). It seems that the possible benefits of said cache (which include pdf -> html and .doc -> html converters) and benefits of all the translation software massively outweigh the possible use for reading pornographic content. I must say, I welcome all such apps as triangle boy and hope to see them spread more widely, as it appears that is the only way we will keep the internet a place where information flows freely, without restrictions from those who would love to brainwash the masses. May Triangle Boy, Peekabooty, and any other similar projects flourish.
If Mr. Edison had thought smarter he wouldn't sweat as much. --Nikola Tesla
A public school system in a country that values democracy and free speech filters its web access, most likely for not only pornography but also for hate speech, breast cancer information, and 2600.com, and is now desperately trying to get rid of a stealthy program that is meant to circumvent the oppression of free speech in repressive dictatorships.
From what I saw in my time in the US school system, this sad, ironic situation pretty well sums up how the school system here works.
I personally have been in a University which performed heavy filtering
Did everybody on campus go to chapel together?
Did they also have lights-out in the dorms at 11pm, after the "Dorm Mother" made sure that all members of the opposite sex had signed out and left?
Did they hold seminars explaining that "self-abuse" could lead to blindness and hairy palms?
Did they ban Elvis for swiveling his hips, and look askance at all the "groovy" kids who went to the campus rally for Adlai Stevenson's presidential campaign?
Policies like your uni's scare me a lot more than the thought that some geek might be pullin' his pud to pictures of Paulina Porizkova.
Opinions on the Twiddler2 hand-held keyboard?
. . .
Boy does this sort of advisory wind me up. FUD about users downloading applications, I've seen this on almost every pitch for expensive firwalls and security consultancy recently.
This ought to be so simple - do not allow users to have sufficient priviledges to install software!
Problem solved.
Okay, before I get flamed, this won't work for developer teams or your admins - for whom I merely suggest you can implement a draconian contract - i.e. fire anyone using any software not explicitly authorised (a minimum policy imo) and have a regular *external* audit.
Neither will this work for networks of Win9x clients, because you can't set appropriate secuirity policies. However you could always get SMS from M$$$$ or write your own scripts to call registry entries and check them against a permitted template so as to flag suspicious installations. At the end of the day it may even be worth upgrading your clients. Or just installing Linux and StarOffice, if you can, he he :). But with respect to upgrading even say from Win9x to Win2k, which ain't cheap, it's still probably less expensive than all the FUD claims - even the reality - of lost security and lost productivity from unauthorised use of your network resources and manpower.
Oh yeah, and you *do* only open ports explicitly at your firewall, not close off ports in response to the latest "advisory" don't you :-)
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
When the subject is Spam, I see lots of people insisting that they have the right to control what is on their computers. (True)
When the subject changes to filters, suddenly the people who own the computer suddenly lose the right to control the content? The Company you work or or the school that you attend owns that computer that they installed the internet filtering software on, and they have as much right to "censor" internet access on their computer as you have to "censor" email from spammers on your computer.
I'll admit that the commerical filtering software is garbage that often blocks the wrong sites and allows access to some sites that they should have picked up, but that dosen't change the fact that the owners of the computers have the right to install the software.
Don't like the poor software availble? Then start developing an open source filtering software that works better and offer that as an alternitive to the junk that is currently used.
Want full unrestricted access? Use your computer instead of one that was provided to you to do a job or for educational access.
Quemadmodum gladius neminem occidit, occidentis telum est