Slashdot Mirror
Proxy Sites Offer Secret Passage to Myspace
JafSquared writes "As sites like MySpace.com gain popularity in young adults, schools all over are finding that taking measures to keep kids blocked out of these websites is becoming increasingly difficult. As this hype continues, proxy servers such as "Box of Prox" are springing up like wildfire. While system admins furiously work to diminish the strain placed on their school's local networks from sites like MySpace, these proxy sites are enabling easy access to restricted areas. However, schools aren't the only places that are feeling the heat. Proxies have also been becoming a bit of a complication in the workplace. To the more advanced user, the proxy server can become a tool for malicious intent as this article, delivering an anecdote with the termination of an employee, so poignantly details."
Wow, Slashdot sure is on the CUTTING EDGE of TECHNOLOGY NEWS!
I'm just waiting for more fallacious appeals to emotion in the fight against kids talking to one another.
Do politicians even consider how ridiculous their arguments are? Why, ghettos have become a haven for drug dealers, prostitutes, and other nerdowells! Do we ban ghettos? No, I believe parents simply teach their kids about the dangers of going there, and before they're old enough to understand that, the parents simply don't allow them to go there.
It's sad how human ignorance comes back with a vengeance with the emergence of any new technology or tool, without fail.
I wonder why kids have internet access at school. Do someone really want them to have ADHD since childhood? Aren't they supposed to learn something while they sit in waiting to be online back home?
Sorry for me spell bad, not a native but I'll do my best
How is this news? People have been using proxies forever to get around blocks.
As sites like MySpace.com gain popularity in young adults ...
The last time I was in a young adult, I know I certainly gained popularity.
It is possible to filter out these sites with a little more work. For example, my company blocks any url that contains 'proxy'. It also filters most proxy sites that you can find on Google.
2 UuY29t&hl=1111101001 then they could just visit that link, see what it was and block away.
Also, if an admin notices they're getting a load of traffic to say http://surfinsecret.com/index.php?q=d3d3Lm15c3BhY
I got around it by installing my own copy of phpproxy on my server and use it infrequently for certain sites. There's a lot of traffic to my domain anyway because I run an application my department uses on there, so it's fairly safe for me.
My school district already hates me, just because I was using a VNC connection over an SSH tunnel to work on some stuff at home (yes, this was for a school project). For whatever reason they thought I was trying to access banned sites... funny thing is, I don't even like MySpace. Or any of those sites.
Creative misinterpretation is your friend.
The next internet is already being implemented by hobbyists, idealists and realists. There are those who want information to be free, those who want the Big Government(TM) to keep their hands off, those who feel that it's time to take the 'net back. These people are like you and me: they are tired of reading about the latest threats made by the RIAA/MPAA to bend laws to their twisted will. They are tired of knowing that bills introduced by the government to Combat $concept(TM) will be abused by special interest groups. They are fed up with the Fear, Uncertainty and Doubt being planted by media and corporations.
Some of these people have gathered and joined forces to build their own version of the Internet. An Internet for the people and by the people. One such implementation may be found at http://anonetnfo.brinkster.net/ and http://anonet.org/
This is not a darknet of paedophiles, script kiddies and warez traders. It is an independent effort by those who think that the Internet can be more than a money making scheme by Big Business or tool for brainwashing the masses.
Go on, take the blue pill. Wonderland is waiting.
When I was in school (5 years ago), schools were trying to block well known proxies, but were unsuccessful at blocking those of us with 'home brewed' proxy servers. This wasn't really such a problem, because the policy was "get caught looking at sites x, y or z and you lose your computer privileges", why does this approach not work with advent myspace et al?
Proxies aren't such a big deal anyway, I worry more about the possibility of a savvy user with a bootable USB flash drive and OpenVPN.
MacBook Pro. Worst name since the Bicycle
Blocking sites is a half-assed solution since students will always find a way to expend bandwidth. (Personally, I think that the 'net doesn't need to be in classrooms anyway. I went to HS from 1993 to 1997 and survived just fine without going online in school.)
-b.
But the moment, you introduce blockades to access to a "cool" thing like myspace or facebook, these talents become valuable in terms of utilization. More kids learn these, use these and try to out-do the other in terms of l33tness. If there aren't the artificial boundaries drawn by the authorities, these skills would have never been learnt, developed and hopefully put to good use in the future.
Whatever they block these with, they just raise the bar for the kids. Clever, curious and with the power of the rest of the internet behind them ... there's nothing that's totally blocked off. Probably threats to those who break the security and offer real world punishments maybe, but blocking it all is impractical. Of course, then there are those who prefer forbidden fruit to the ones in the fridge, for the momentary thrill of breaking some rules.
I remember breaking the proxy at a college where I was giving a talk. All I did was ssh -D 8080 into my box and bypassed the "security" of the campus network. But I did that by unplugging the monitor cable, running ssh and plugging the monitor back on in under 2 minutes.And lo, meebo.com suddenly worked. The kids thought I was some great genius or something. THat kind of ego-rush to a 17 year old teenager can drive them to do far more than just break firewalls to get kudos from their peers.
These kind of restrictions just favour the kids who learn to use the system, instead of just fighting it on the streets like the average politico.Quidquid latine dictum sit, altum videtur
For the purposes of myself (who at first just wanted to play sudoku at WebSudoku...) and others in my class at college (who wanted MySpace) I set up a CGIproxy on my webspace. A few months later, it had to be removed; for a start, because even when password-protected, the thing sucked up about 50% of the CPU time on the (shared) server on which it was located. In the end me and my classmates were a minority, it was mostly others using it (I did get a very nice email from a US Marine in Iraq asking for the password... I wasn't horrible enough to say no :) I kinda pity the people who do the same thing, set up a proxy for their own personal use and watch it get used by just about everyone and their dog.
By summer it was all gone...now shesmovedon. --
Despite years of fiddling with my own home networks and hearing about ssh tunnelling, I'd never set up an ssh tunnel and never "got" the reasons for it. That's changed recently, and now I'm a convert. I know this is basic crap among most of the /. crowd, but here's how I can anonymously surf at work:
I have Proxomitron at work to get through the firewall. It acts as a local proxy server, and works with our something-Point firewall. It seems like only ports 80 and 23 are open. No port 22 for ssh, and no ports for email.
Using puTTY configured to look at the local proxy server, I establish the appropriate ssh tunnels to my Linux box at home. I don't know why this works, so any explanation would be cool. I'm using port 22 via the Proxomitron local http proxy over the corporate http proxy to my plain vanilla Linux box. Fscking mystery to my how it works, but it does. Setting up puTTY to work directly with the company firewall doesn't work, and I have no idea why. Proxomitron is required.
Of course now with all the right tunnels, I can use FireFox on my Linux box or even Safari on my Mac (if I leave it on) via VNC, and I have instant anonymous surfing. Yeah, I know I'm using a helluvalot of bandwidth, and I generally don't need or do any anonymous surfing anyway.
So, what's my traffic look like to my company IT boys for my interesting setup? I'm assuming that my secure ssh connection doesn't let anyone know what I'm doing over ssh; that's the point. But yet I have this traffic flowing out of Port 80 to Port 22 somehow, and it's either little tiny bursts when I'm working in bash, or it's a bandwidth hog if I'm using SAMBA or VNC over the connection.
-----
The whole initial point of the excercise was to talk to my MythTV box while on the road. All I wanted to do was ssh in to check my RAID status. I also had all kinds of ports open on my router so I could http into MythWeb, and Webmin, and MythStream, and SMB, and the router itself, and ftp, and generally a big mess. Now all I need is my single ssh port, and I'm good for everything without all of those open doors. At work I use puTTY, at the hotel I've got my iMac (remind myself to look for an ssh tunnel control panel so I don't have to keep using the shell).
Even with ssh, I'm subject to brute force attack, right? Wasn't there something like a magic knock I can setup so that I ping a certain sequence of ports in the right order, my ssh port opens up, otherwise being closed? Probably won't work for me, as I have a proprietary hardware router...
--Jim (me)
Half of what I learned in high school, actually probably 2/3-3/4 of it, I learned online at school or on my own time. A lot of the stuff that I read was at one point or another restricted, like a lot of libertarian stuff (including the party site) was restricted because it advocated drug use.
That's how the pea-brained morons that make most filtering software think. Yet a friend of mine would pull up porn sites like pink.com (back in the day) and laugh about it.
I have been out of college for 6 months and so am young enough to remember high school life. It was a waste of my time. I plan to homeschool my kids because they shouldn't have to "fight the system" to get anything interesting out of it.
What does the internet have to do with ADHD? Ohhhh... That's right. Anything we don't like kids doing must cause ADHD.
1997 called. They want their story back.
Seriously, I can't be the only one here who wrote a CGI proxy server so that I can get around censorware (like BESS) while in high school. I even sold access to it to my fellow students!
Code is simple:
# fetch the url specified after the "?"
# prepend the url of the proxy to all link tags
# print the page out to the user
So all you have to do is run apache with this CGI from home, and you never have to worry about censorware again.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
For Yahoo Messenger and other IM programs, there are JavaScript clients like Meebo that have garnered a good reputation for being trustworthy. (How do you know it's secure? You don't, of course, but you don't do anything secure over IM anyway)
Similarly, it's only a matter of time before the MySpace cottage industry cranks out a few JavaScript programs to read and reply to MySpace messages, post to blogs, and whatever other services MySpace offers.
For more information, click here.
I work for a company outside of the education process. However, we hire lots of young people, either as summer positions, or as newly graduated employees. The MySpace accounts created by school-aged members are not revoked once they come of age. My company can't easily do a whitelist, due to the nature of our business, which includes using the Internet as a search tool. So we are put in a position of blocking myspace and other such portals, so that the bandwidth is available for work activities. Using a proxy site or an anonymizer raises a red flag in our environment, as it is an indicator that the person knows that what they are doing is against the Acceptable Use Policy. I can't believe that ours is the only company dealing with this issue. A generation that has grown up "connected" wants to stay that way -- and occasionally needs to be reminded that the resources they use at work are accessible for personal use, only as a privilege. The needs of the company to get work done outweigh the personal desire to access non work-related sites.
That's no reason to blame MySpace. By the same token, MySpace users could say that Slashdot's either full of egotistical nerds or people with delusions of knowledgability...
By summer it was all gone...now shesmovedon. --
Other than the background music, you're describing slashdot.
"To the more advanced user, the proxy server can become a tool for malicious intent as this article, delivering an anecdote with the termination of an employee, so poignantly details.""
The part about the firing was short and rather matter-of-fact. Where, exactly, was the poignancy?
In the words of a famous Spaniard, "I do not think it means what you think it means."
#DeleteChrome
Schools and others who wish to restrict access need to start whitelisting allowed sites, rather than blacklisting prohibited ones. Yes it's a lot more work to whitelist a thousand useful resource sites rather than blacklist MySpace. However, if the schools work together on a single system they can spread out the burden sufficiently. Otherwise it's just a game of Wack-a-Mole.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Just this last year, our school introduced an extremely-restrictive proxy that would often block legitimate research sites (as well as all the fun ones.) In addition to finding a few workarounds (ping to get IP address, use that instead; google translation; etc.), I wrote a happy little program that I distributed throughout the computer lab.
o n=ADULT-CONTENT), it sent a nice little email to the IT guy. It was very polite, just saying a sentence or two about how I believe site.com had been added to the filter list in error and I would request its removal. Multiply that by every blocked site ever visited, though... :-D.
What did this program do? It ran in the background, monitoring Internet Explorer's address bar (couldn't find a nice API for Firefox, but mozilla.org was blocked anyway). When it detected that the proxy had taken over (http://www.lghs.net?blockedsite=mozilla.org&reas
(Yes, I know it's probably not moral to use school computers for this. Yes, I know he could have created an email filtering rule to send the messages to the trash. I liked it, and so did the users. *Shrug*.)
"May the days be aimless. Let the seasons drift. Do not advance the action according to a plan."
I think the problem is, is that apart from creating a whitelist of sites (which is a pretty crappy way of using the Internet), there's no way to really keep kids off of sites you don't want them to see. You can't blacklist all the bad stuff, and once something is encrypted, the firewall would be very bad at filtering anything out. It may be a lack of knowledge, but it's also the lack of a solution. I don't know why they need internet except on certain computers anyway. When I was in high school, we had 1 or 2 computers in the library that had Internet, and it wasn't that out of the way, so you didn't dare try to do anything unauthorized. Mind you, we still did a lot of unauthorized things, like run gorillas, nibbles, or Cross Country Canada when we weren't supposed to, but nothing that they really cared about too much. The computer rooms were empty most of the time anyway. Most students used computers once in a while to type up a big essay, but that was pretty uncommon even in high school. Most research was done with books in the library. I don't believe that the Internet has changed the world so much in the last 10 years that kids need the internet for doing their school work. Are the even any reputable essay sources you can use on the Internet without paying?
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
I'm not the grandparent but I can respond to this. The way most K-12 systems are setup this is largely unavoidable. All computers are on one network within each school building. I know in the system I worked for most schools had one router and a class C of address space. The Internet access was provided by the state, and all sites ran through central office and through a firewall there. There was no way to provide completely seperate VLANs and routing because the state controlled the core routers and wouldn't do so. Our policy was that bookkeeping and other critical systems were kept off the network unless absolutely necessary.
Personally I wanted to use cheap Linux boxes as NAT routers/firewalls and put the entire office of each school behind one but that never came to be. It also never will, the system eliminated my position so now there is no network admin. Things will start falling part soon because I was the only person there who knew how to run most of the stuff I had implemented. (Which also greatly stabilized the network from how it was when I started. They had no network admin when I started either.)
Well yeah, but welcome to the reality of K-12 school systems. Often the network admins hands are tied by arbitary crap that's decided upstream. Even the most competent network admin can't do shit when they can't change parts of the network or the system refuses to buy the necessary equipment to implement even the simplest, cheapest solutions.
I can tell you've never worked IT in a K-12 system, and so can anyone else who has. I've done systems and network administration for years and in places other than K-12, and K-12 is an absolute nightmare. The students are your enemies, there's no two ways around it. It's not all of them, some are simply curious, some really want to learn but quite a few simply want to do whatever the hell they want to do, when they want to do it, and don't give a damn about learning anything that they don't need to know to access their game/porn/social networking site. They'll damage software installs if they can, they'll hose profiles, they'll screw up entire labs to the point of near being unusable all so they can play a game. I've encountered every one of those situations, and it's very hard, and very time consuming to get ACLs and permissions exactly right on every single point of attack that they'll use. (Also keep in mind that in my case I had 18 sites to deal with and was the only network admin. A lot of time I simply didn't have time to get all the fine details exactly right because I had fires to put out in other schools.) They also use attacks that you'll never see anywhere else, and frankly it's amazing and scary both. If these kids would bother to direct that intensity at learning they'd probably end up being brilliant, as it is they're generally hardcore slackers who don't care if they get suspended or expelled as long as they can play their game one more time.
I don't think it's necessarily bad to teach network programming to sophomores, but you don't know the realities of K-12 network administration at all or you'd understand why the grandparent said it was a bad idea. It IS a bad idea the way most K-12 networks are forced to be designed, and until that part is fixed (and you'll have to talk to people much higher up the chain than your local system to get that fixed, like your state congresspeople) it will remain a bad idea.
I use squid's bandwidth buckets to tarpit access to 'web contraband' like .swf files and can whitelist legit sites if needed.
Anyone who reads that from this so called "Network and Computer Systems Administrator" will be seriously scratching their head. First, they used a tool from the same people that make Webwasher pseudo-ware. This software basically looks for HTTP GET requests and prepares a report. Then he mentioned they found evidence of a leet batch file, "footprints", whatever those are, and of course this employee of theirs was some leet uber hacker going to deploy the latest and greatest worm on their network of poorly secured network running some sort of automated intrusion detection ware.
Then he ships the system off to Forensics (what company has a Forensics department I don't want to work at) and they were able to find all the bits, maybe even some bytes. When it came down to it, the company supposedly terminated the employee for using an online anonomyizer service, assuming they couldn't prove he was using it to break company policy.
If this story is true, which I highly doubt based upon the anecdotal evidence of this so called "Network and Computer Systems Administrator" they should have fired none other than this dumbass. Bullshit article.
"I'll just chip in a bit for RedHat: I actually have that installed on my university machine." - Linus, '95
Here's why you got modded down:
You gave an opinion about a Mac.
You never give opinions about Macs on slashdot (or really any forum). EVER.
There are two main camps:
1) Those who believe Macs are the saviors of all computing and Apple can do no wrong.
2) Those who think that Mac users are 'fags' and are stupid for wasting their money.
Even if you have a rational opinion, a person with moderation points from one group will lump you into the other group, and thus mod you down on principle.
Sorry, but that's how it is. Don't touch the Mac subject, that's like talking about Israel vs. Palestine, or Emacs vs. VI. All it does it get everyone to whip out their E-Penises.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
there is usually some horrible music playing in the background that is difficult (if not impossible) to stop.
Luckily some of those antithetical-myspace-geeks have http://userscripts.org/scripts/show/3299/ saved us from the hell you speak of.
http://www.haxwell.org