Slashdot Mirror
Browse All You Want At Work
choka writes "I came across a new Mozilla deriative known as Ghostzilla. It has the ability to open and hide the browser within most applications with simple mouse gestures, ensuring no one will discover what por^H^H^Hsites you visit in office ;) (i.e., if your sysadmins don't check the proxy logs...)"
Congrats! Now Mozilla will be on that hot list of stuff not able to download and use at the office!
GOOD THINKING!
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
where can I hide my Cheryl Tiegs poster?
This is one of the most devious things I've seen in a while! I love it!!. It reminds me of old shareware PC games, where you could hit the F9 key to escape to a DOS shell, so you wouln't get caught at work. Hugo's House of Horrors anyone?
Until some idiot accidently embeds the wrong figure within his PowerPoint presentation.
At the board meeting:
"As you can see in this full-page figure..."
"Well, something about that figure is certainly full..."
as I sit here at work on a Friday afternoon reading slashdot.
Speaking of simple mouse gestures, the site has been slashdotted by a simple click! :)
But what if your hands aren't on your mouse?
I don't have a sig...Do you??
Thats why I use links. Perfect for viewing websites that you shouldn't be, with the added bonus that if you run it remotely through an ssh connection, the sysadmins *CAN'T* look up your history in the proxie logs.
Wah!
Leaving that on a shared laptop, your boss is giving a presentation for a room of investors and with one deft flick of the wrist.. goatse.cx pops up.
That would rock.
Trolling is a art,
if your sysadmins don't check the proxy logs
:)
There is a distinct difference in a sysadmin who checks the log and rats you out, and a sysadmin who checks the log and gives you a few tips on a really good asian schoolgirl site.
its the wang in my hand I wish was easier to hide!
(let the small penis jokes begin. i can take it!)
"Old man yells at systemd"
What platform does this run on... the screenshots show only Windows. Is there a Linux version? The download link doesn't allow you to specify the platform...
I've worked plenty of places where IS and IS only were allowed to install ANY software. Even though most of us were developers with years of experience, unauthorized installation of anything was potentially grounds for termination.
Roving Web-Teleoperated Robot
Include a custom peripheral, like Steel Battalion does.
This peripheral would convert any office chair into an ejection seat, for those times when you absolutely positively cannot get out of admitting you were surfing the web, instead of working.
...
yet more proof that porn drives innovation....
what is the saying? "necessity is the mother of invention"
it should read
"horniness is the mother of all invention"
*crosses fingers* porn industry don't let me down...
daddy wants a holodeck
nbfn
Ghostzilla is a browser for surfing the Web when you don't want anyone to physically see what you are doing. It renders Web pages to look indistinguishable from your work screen. You make it disappear instantly with one move of your hand and bring it back with another. Ghostzilla can show Web pages discreetly within literally any application you work with.
and the screen shots.... I'd believe everyone would be better of if you waited atleast some 30 minutes before hitting that download button. Why?
** Here is an analysis of the Slashdot Effect.
Wow, this is great! That's because the office is, of course, the best place in the world to oggle porn. Yeah.
So now instead of seeing the embarrassing sites you're visiting, your boss will only notice more frequent hand...er...mouse gestures.
It's all going according to
Slashdotted already? Guess that says something about how popular (and necessary!) this is for slashdot readers!
:-)
Of course, I know it was unavailable because I tried to get there asap.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
And at my work, like most other workplaces no doubt, they check the proxy logs anyways, so it wouldn't be much of a gain. It would be very easy to write a little script to go through and identify the "top" web surfers and to see who's surfing sites with pr0n-related terms, or anonymizing sites.
<hypocrite>Anyway, you should do your web surfing from home!</hypocrite>
"Luck is the residue of design" -- Branch Rickey
Since most of these work spyware programs search for IE specific history, you're still pretty "safe" using normal Mozilla.
Even the humans do this, seems to me like most of the tech support guys searching for 'inappropriate' material are looking in the IE history anyways.
Why is slashdotting a site so hilarious to you fools? Every time a story is posted there are a dozen idiots that get modded up to +5 funny just saying "oh gee, look, their site's down"
1) There's nothing fun about being the admin of that box
2) The fact that all these sheep are blindly clicking on the link is sad and pathetic
3) It's just not humorous.
I've had this for awhile. I call it "Alt-Tab"
Now I can read /. all damn day! NOOO000ooooo....
I just see a purplish or bluish screen?
--Joey
thinking about people looking at pr0n at work. Read that as ERECTION seat.
Gave me a very strange mental image. I think I'm going to go to sleep now...
*Shuts door, puts head on desk, hopes the boss doesn't walk in*
Xaotik Designs
looking for "inappropriate" material, usually need look no further than their own history folders.
"Politicians are interested in people. Not that this is always a virtue. Fleas are interested in dogs." P.J. O'Rourke
you can even schedule it in to your diary.
turn the web cam back to base off tho.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Since I don't have access to Windows, and their download is an EXE, I can't check myself, but if their download includes the browser itself, isn't this a license violation? Where's the source?
.EXE for me?
If it's installed on top of/under a seperate Mozilla install, all is fine.
Can someone take a look at what's inside that
Did you read anything from the site? It does a little more than add mouse gestures. It puts a black and white web browser window on top of any application (framed in current application) without any borders, buttons, etc. It's certainly not invisible but someone could easily walk by your desk and think you're not browsing the web. All the mouse gesture does is eliminate the browser portion of the screen allowing the original app to shine through. Since human vision is so tuned toward movement this method of hiding draws far less attention than your plain old mouse gesture.
used to have a 'The Boss Is Coming' button - when pressed the screen instantly changes into something like a Lotus 1-2-3 spreadsheet. Once the danger has passed you press it again to get back into your game where it was.
Another DOS stealth trick: create a directory named ALT-255, it doesn't show up in dir listing. We'd put the games in there. That doesn't quite work in Windows tho.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
One of the VP's here complains about getting too much porn spam at his work address. Not because he's opposed necessarily, just because it's all straight, and he's definitely NOT. I browsed his bookmarks accidentally when I was messing with Outlook for him. He's got quite the collection of favorites.
And apparently at the company staff only Xmas party a year before I started, he was tanked enough to scream "holy shit, she's got tits" about one of the interns that had only been around a few months.
I love my job. However, I think our HR manager hates hers.
"Politicians are interested in people. Not that this is always a virtue. Fleas are interested in dogs." P.J. O'Rourke
Because of this key in mshtml.dll/ about.moz"
HKLM,"Software\Microsoft\Internet Explorer\AboutURLs","mozilla",2,"res://mshtml.dll
There are also specific keys for:
PostNotCached
blank
Now, how mozilla ranks a key, and that no MS code review found this is anyone's idea.
"Screen resolution in the pictures here is 800x600, but Ghostzilla works with literally any resolution and any size and position of any application window."
;)
C'mon, they can't be serious! A program that runs in any resolution? That would totally rock.
sure it does.
but when your company sees you pumping traffic through an anonymous/encrypted proxy, they'll assume the worse and..well..you get the idea.
I run WindowMaker on Linux and I hot-key the switch workspace command to ALT-1 (next workspace) and ALT-2 (previous workspace). It's extremely efficient to simply leave terminal windows and applications maximized in their own workspace and just hop between the screens when you need to switch to a different app. It's like tabbed browsing, once you get used to it, it's hard to go back to the old way.
--It's Pimptastic!--
Nothing like giving the lusers a false sense of security!
good old close window popup exploit. one of the biggest exploits with javascript and it hasnt been limited or anything.
i remember writing a javascript that not only generated random geocities sites. but opened 30 random geocities sites, each in a new window, and then the page would also open two copies of itself also. so itd double and double and continue to open geocities sites until the cows came home. or the memory ran out.( which is a pretty long time on current pcs)
i wrote this in response to the fact that our school was monitoring our net usage to make sure we werent playing games (slime voleyball, etc.) through a proxy program placed on a g4 comp.
this overloaded that proxy. so they removed it.
Pornzilla Modifications - stealth profiles, image zoom, view (but don't download) all linked images, go to next/previous thumbnail gallery or image.
Leech - download all links from a page that have an extension in your list of extensions to download. The author didn't figure out how to send referrers with the requests, which is annoying because many porn sites require a correct referrer header, but there are several workarounds included with Leech.
The shareholder is always right.
Sure. Set up squid on your home box, and do
ssh -L 3128:localhost:3128
set localhost:3128 as your proxy address.
yeah, and i have a even more smarter browser. it encrypts all displayed images, so no one knows that the image on the screen is p0xxxrn.
That's why we all keep boxes of kleenex on our desk.
Duh!
That way you didn't even have to take your hand off the mouse in a hurry when the boss walked by.
Not off your mouse, no. But you will need the other hand for the option key.
Mirror provided by Mr HOSTBOT
RudeDude
Perl/Linux/PHP hacker
Just put in your own DNS info in your TCP/IP settings, and disable the proxy server setup, and there's no issue (minus a packet sniffer, of course, but...). What's the issue? Am I missing something (seriously, that's an honest question, I've gotten around several proxy logs this way)?
I'm not a prophet or a stone-age man,
I'm just a mortal with potential of a super man.
Hmmm... well in linux you've got:
a) Lynx/Links... hmmm: If your boss sees you checking out ASCII nudes he/she will probably just shrug and think you're more crazy than perverse.
b) Gnome's *"Multiple desktops" through which to carry on both your work and another to browse slashdot or the "other" activities mentioned quite often
*WinXP has this too with TweakUI, but the taskbar doesn't change so and all it really does is reposition windows, making it a lame and semi-useless knock-off. Too bad as I find this one of the most useful features of the linux GUI.
Doesn't help if the gateway is intelligent enough to log your traffic....
Vintage computer games and RPG books available. Email me if you're interested.
... instead of closing it? That aint that useful u know. I can envision many situations when it could make things much worse.
Back in the day when I blindly opened executable file attachments without thinking, (Hey I was a kid, I didn't know about viruses and network security. I thought MS-DOS was an original, fully functioning operating system!!) I used to get lots of those comical programs designed to embarass you while at your desk. You know, the ones that opened up a porn pic of a man playing with himself, that u just couldn't close. Well one such time I received the goatse.cx picture via this method. I went to kill the process. It died. Phew, lucky escape. Little did I realise, that it had spawned a child process. Suddenly I had loads of little windows with scaled down goatse.cx pictures. So I turned off the screen. To my (and the rest of the JAM PACKED computer lab's) horror, a mans voice singing. "GIMME SOME ANAL LOVING" blared over the speakers....
So basically no amount of hand waving will save your job, if your boss looks at a computer screen full of windows containing work relevant source code, while he hears the moans of a hentai anime school girl being pleasured by a giant robot.
Not that I have ever.. er.... seen such... errrr... material like that errr... ever. No really. I haven't.
I hate this forum. It makes me sig as a dog
I happen to agree with the plugin sentiment. That said, I still recommend trying this thing out. It may not be a technical victory per se, but it's still damn cool. I can't get over how fast it works. I may never really use it, but it's still damn cool.
:+)
Damn cool. 'Nuff said.
Please mod this post only if you think others should/n't read this. I have enough ego^H^H^Hkarma. Thanks!
Actually, ssh with the right switch can be a SOCKS proxy all by itself; no squid required.
'Course my /. threshold is high. Maybe someone already pointed that out.
Did you read anything from the site?
Hell no! If I had actually READ the article, there's no way I could've gotten that smartass comment in in time.
Am I the only one who heard Roxette to sing "I'm gonna get blitzed for some sex"?
Great, now thanks to Slashdot every boss knows of Ghostzilla's existence. Although what boss would have the nerve to suspect an employee of using Ghostzilla, and ask him or her to press CTRL-ALT-DEL in Windows to prove it. Is there also a "KILL" mouse gesture? I mean a way to kill Ghostzilla from memory so that there is no evidence? Thanks.
from the LANs to the web with an eye dropper and only through "twice firewalled" intranets.
Good thing too. Its a bank with networks of OLD pentium machines running NT 4.0 SvcPk 6. (Sniffers of any kind would degrade performance so severely as to be noticable!)
Production systems run on mainframes and connect via encrypted leased lines that have no connection from the mainframes to the 'Net.
Can't be too careful with financial systems.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Years ago, I was running a firewall for my company(this was back when firewalls were "BRAND NEW" and "MYSTERIOUS".
Anyway, at the same time, my wife was working for a company for a real asshole boss.
Keep reading, this gets better.
Anyway, she ended up quitting a long-time job because she couldn't stand her asshole boss.
Well, after she left, that company pretty much went down the toilet and he was looking for a job. It turned out he got a job with my company.
I think you can see where this is going.
We only kept aggregate logs; the security guy and I had the unwritten rule on porn...once or twice was an accident, more than that was surfing for porn.
Well, one day, we noticed a lot of hits to some site that sounded "porn-ish" if you know what I mean.
I checked the site, and sure enough it was porn. Not only that, but it was men on boy gay sex. Hoo-boy.
We checked back on the IP address...you guessed it, her old boss was surfing gay kiddie porn at work.
Got his sorry ass fired within 8 hours. My wife to this day will forgive me almost anything when she remembers getting her old asshole boss fired for gay kiddie porn.
Seriously, this only happens in sitcoms, but this time it happened in real life.
Ha ha ha ha ha ha ha.
A rather verbose memo about not putting the seat up before you take a leak. :-D
If you are an accountant and the figures for next quarter are REALLY GOOD they might just give it a miss. :)
I loaded the site shortly after the article first came out and it was just dead. Clearly, it was slashdotted.
But I loaded it just now and look what I got: "Account for domain ghostzilla.com has been suspended." Is it possible that we pushed the site over a hosting-set bandwidth limit?
Seriously, there should be a policy when it comes to posting links to small servers on the front page of slashdot. The owners of the pages should be contacted for permission, and if possible mirroring so that the site is not blasted into oblivion.
Posting links on slashdot is destructive and this is a perfect example -- it got a person's account suspended! Instead of spreading the ghostzilla love around, it was annihilated. Not good at all.
doesn't that violate the GPL? ... Nope
[alk]
So in Windows you can either get caught with naughty bits on your screen, or just appear as if you were thoroughly contemplating the desktop background...
No...you do a screen capture of some important looking shit and use the "set as wallpaper" function!
You're using her as bait, Master!
You could try working at work? After all, when I go to work, my boss expects me to work. Using the internet is not something that should need to be hidden. If you have a job, you go to said job to earn a paycheck. To earn said paycheck, perhaps you should try, you know, doing your job. It's what we normal people do.
Guns are like umbrellas and condoms. Better to have one and not need it, than need it and not have one.
Of course, when you boss sees that you change whatever you're looking at whenever he approaches, he's going to get very suspicious, no matter what it is.
Keep it open, and point out something relevant in the background to him. Better to be thought the kind of sad geek who'd look past a beautiful naked woman to examine a server in the backgound, that someone who browses porn at work.
Honestly, Porn at work? You deserve to get fired. Browse your porn at home.
dave
So finally we know what MS had in mind when they allowed any application to take control of any window and do anything they want to it. Well thanks MS after all! A local root exploit is just a minor feature if we get to do this with it too!
-- 'The' Lord and Master Bitman On High, Master Of All
Friend of mine works at a place which only allows HTTP/HTTPS traffic to pass the proxy. It's not port-based firewalling, it's packet inspection. If it isn't HTTP, it doesn't go thru.
His solution? He developed a java applet which gives him shell access to a Linux box (which also is running a webserver, necessary to serve the applet due to java security). It tunnels over HTTPS to a session running in userspace on the server. He doesn't need root to make it work, either.
There is a much easier solution: use Corkscrew.
Hey, I'm totally with you -- but not everyone works for an "enlightened" boss (or bosses above your direct boss!). At my last job, I read Slashdot daily. (On slower days, at least once a morning and again in the afternoon.) I really considered it relevant and work-related too. I mean, sure, I skipped anything that was just a movie review or talk of a new arcade game....
But I was always the first to have knowledge of new updates and fixes for new security risks, as well as good suggestions for the occasional software for a special niche need.
Unfortunately, I also took a lot of flack from the "higher-ups" for my appearance of "doing nothing constructive" when people from other departments walked by and saw me "web surfing". I had to justify my usage time and time again, and it seemed like each time only quieted them down for a few weeks at the most.
Eventually, I ended up losing that job. Can't really say it was over reading Slashdot, but I have the sneaky suspicion it didn't help matters any. Given a similar situation at a new job, would I do it all over again though? Yeah, absolutely. The net's biggest problem is a lack of quality sites that cull through the really interesting and relevant news, and put it in one place. Sure, you can go read ZD stuff and get the "party line" opinions on everything - but beyond that, there's Ars Technica, Slashdot, and a handful of respectable sites for hardware benchmarks and reviews. Other than that, though, what do you have? Would a company think it's a better use of time and money to buy those multi-hundred dollar a year "Dr. Dobbs Journal" subscriptions and have you read those??
Personally, for most companies using a Windows NT/2000 or XP type environment - I think they should make more use of the concept of the "power users" group (or security groups along those lines).
While it's really not manageable to let users go loading anything and everything they like on their PCs - it's just about as bad when the opposite is true. I worked in that type of environment before, and with only 250 or so total PCs in the whole environment - we often had to waste considerable amounts of time loading special software onto people's PC by "special request". Especially for people like engineers; they receive quite a few "30 day trials" of expensive programs they want to evaluate before making decisions on what to use for a project.
I think the best solution is to grant users software installation privileges on a case-by-case basis, by dropping them into the proper security group. In fact, if you're worried about them abusing it - just add them to the group only for a temporary time-window (say, 1 week from the time they request it). That lets them do whatever they need to do, and still keeps them from abusing their access level months down the road. (Not only that, but as an admin, you know changes made that might be adversely affecting something else had to be done by only certain people, within a certain time-frame -- so you can more quickly isolate/fix them.)
Man, no kidding. I run the old RealPlayer 8.0 or whatever it is - because their newer versions are screen-wasting, bloated crap.
Nonetheless, I want the ability to hear an RA stream - because sometimes, it's just darn useful.
Unfortunately, the stupid RealPlayer keeps blinking to tell me I need to upgrade to their newer software, and I can't find a way to stop it.
Someone oughta write a small patch/hack to de-blink that damn thing!
...but will this extension work with Phoenix? Phoenix is based on Mozilla, but I'm not sure if its stripped-down manner will let this work.
Note to M1-ers: a curt but otherwise insightful message is not "Flamebait" or "Troll".
Our systems here are primarily our problem. I don't think they really support the things we do beyond reimaging the drive if it is truly hosed. We all have access to ghost anyway, and I've learned from experience to keep images of systems when you have them in a specific configuration you're going to need for testing, etc.