Grad Student Project Uses Wikis To Stash Data, Miffs Admins

← Back to Stories (view on slashdot.org)

Grad Student Project Uses Wikis To Stash Data, Miffs Admins

Posted by timothy on Sunday April 12, 2009 @04:06PM from the going-on-the-beg-forgiveness-principle dept.

Anonymous writes "Two graduate students at the Ivy League's Brown University built a P2P system to use abandoned wiki sites to store data. The students were stealing bandwidth from open MediaWiki sites to send data between users as an alternative to BitTorrent. There was immediate backlash as site operators quickly complained to the University. The project appears to be shutdown, but many of the pages still remain on the web. The project homepage was also taken down and the students posted an apology this afternoon." The same submitter links to two different forum discussions on the project.

16 of 268 comments (clear)

What the Page Originally Said by Anonymous Coward · 2009-04-12 16:08 · Score: 5, Informative

Google Cache still has the old data.
http://209.85.173.132/search?hl=en&q=cache%3Ahttp%3A//graffiti.cs.brown.edu/
C&P of page text (in case the cache updates quickly):
Graffiti Networks
A Subversive, Internet-Scale Peer-to-Peer File Sharing Model
Abstract:
The proliferation of peer-to-peer (P2P) file sharing protocols is due to their efficient and scalable methods for data dissemination to numerous users. But many of these networks have no provisions to provide users with long term access to filesafter the initial interest has diminished, nor are they able to protect users from malicious clients that wish to implicate them in incriminating activities. We present a new file sharing paradigm that harnesses the potentially unlimited storageof the Internet as a third-party intermediary for peers to indirectly transfer data with each other. We base our decentralized architecture on the premise that users trust file sharing coordinators, but do not trust any other user. Our key contributions in this paper include an overview of the design for a P2P system that implements our new model and a discussion ofthe challenges that such a system will likely encounter.
People:
* Andrew Pavlo - Brown University
* Ning Shi - Brown University
1. Re:What the Page Originally Said by schmiddy · 2009-04-13 01:37 · Score: 5, Funny
  Note from Bot #1536: Moderators, please mod to +5 so that all bots see this post.
  
  filename: X-Men.Origins.Wolverine.2009.WORKPRiNT.XviD-NoRar.avi
  chunk: 1050
  total chunks: 10342
  encoding: base64
  Post-Id: wADP1bX99oZfbC13udF
  
  499Vm0C+Yq/ 8Tix8fxSTmuRLmVlhPkJ7oDVazbUpuoM2MR 4nf9RAidWI+Twy5tZeArnSZSm+f ikLjPW14Xw4N9f 5nZqFiQiVOcESYUHbwbod/ NBzGeJ6rAY6o+fikLjPW14 Xw4N9fSc0L4jbXI2AjGQKy Ftiimwe1cJ6LMMXCCnsyoVT PA2ZH95XQ1aeyN98/nerWrL tbiUPrnkbK3NJyLiN2j/OKp yR1Y7R1gZIzKYqBhUPiyITY L3f3AdXw1vflQpNOg2QbOeI nhLdu2AaJLXqX8VhV7MeTV58 IWePNlD+wUWKL0CS+6Wt+zG/ a0qbKvpTuKnoeyWp1UcvLlfEq iU1FOyjxaR5BA1hUcAeHaQG 0pPbGK74MTXe9NVYa0E2vtTP 5iNe3t76DLPjCM0P7r+KJJea SF6BQKBLhzpXPeZVCsmXHPHC hIAsOV4huZFE+fX5cAwwNpE+ Y8ZbNqNN/Drj/eRzXLIghkNl Wn1iEB7aEn7e brQ9MUGAYasx0Lx7WYzmwU1T k5GhYb4j5QNqi7nDMSeXuY1l FTJmbMKpPoTpn22aWPEEuVvO j2umDm+GWLk4kPU8ODRg1Uep Sifu72YkEpExpg
  Anti-Slashcode text: had a very accurate perception of what was good for herself. So, she appropriated the greater part of the weekly stipend to her own use, and consigned the rising parochial generation to even a shorter allowance than was originally provided for them.
  --
  http://cltracker.net -- powerful craigslist multi-city search
Theft? by palegray.net · 2009-04-12 16:10 · Score: 5, Interesting

The students were stealing bandwidth from open MediaWiki sites
The fact that some "admin" abandoned a site, with open privileges to post on it, does not constitute theft. I manage servers and write code for a living, and while I'd put a stop to such practices on any site I managed, the use of the term "theft" is laughable.

This is very much reminiscent of Microsoft crying to the media that all their security problems were due to evil hackers, and not their abject failure to follow long-accepted industry practices for code reviews and architecture. My response: cry me a river, and congrats to the grad students for their innovative work in the field of distributed communications.

--
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
1. Re:Theft? by caffeinemessiah · 2009-04-12 16:19 · Score: 5, Insightful
  
  My response: cry me a river, and congrats to the grad students for their innovative work in the field of distributed communications.
  I'd pause before calling this innovative. It doesn't really take much to encrypt data, chop it up and stash it on MediaWiki sites -- either in theory or in practice. If you want something "innovative" in the same vein, I'd vote for the guy who wrote the device driver that lets you use GMail as a drive (spawning many copies). Sure it isn't "distributed", but you could set up multiple GMail accounts to handle the contents of your drive. Clogging up other people's wikis is d**k at worst (and possibly a violation of the CFAA), and really not too much of a security threat at best ("oh? my disk is full? hmm...just dump this spammy user account, or restore the last backup, and password protect the whole business.").
  What these grad students have done is demonstrate that open mediawiki setups can be spammed. Whee.
  
  --
  An old-timer with old-timey ideas.
2. Re:Theft? by palegray.net · 2009-04-12 16:24 · Score: 5, Insightful
  
  I deal with this stuff all day long, predominantly from IP connections far outside U.S. jurisdiction. These students were, in my rather experienced and measured opinion, doing the community a favor by pointing out exactly how easy this sort of feat is to pull off.
  
  Their note about using reCAPTCHA is sound advice. Admins who depend on TOS policies and their nation's legal framework to defend against networked threats are negligent in their duties. I don't waste my time worrying about chasing people around for violations of my sites' terms of service. Instead, I focus my efforts on deploying technical solutions that fix the issue.
  
  --
  512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
3. Re:Theft? by palegray.net · 2009-04-12 16:30 · Score: 5, Interesting
  
  Hey, I agree it was a dick move on the students' part, but I still respect the research. Everything is obvious in hindsight, by the way.
  
  What these students have really done is make a very public demonstration of something that's possible before less ethical parties got a crack at doing it on a large scale. For that, they should be commended. Would you condemn those who release proof-of-concept code for security exploits just because a vendor sat on their ass for months, refusing to care about the problem?
  
  --
  512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
4. Re:Theft? by tagno25 · 2009-04-12 17:06 · Score: 5, Funny
  
  True. But if I don't lock my front door, that doesn't mean it's ok for you to take my stuff.
  But if you are in the UK I can come in and watch the TV if it is on.
5. Re:Theft? by Jafafa+Hots · 2009-04-12 18:22 · Score: 5, Funny
  
  Someone oughta think of a way to post chop data files and post them to the usenet - after all, it's just sitting there all abandoned like.
  
  --
  This space available.
6. Re:Theft? by aliquis · 2009-04-12 18:52 · Score: 5, Insightful
  
  Don't ask me how you're supposed to know this...
  
  Common sense? Works for most of us ..
7. Re:Theft? by mea37 · 2009-04-13 02:37 · Score: 5, Insightful
  
  What I find the most amazing about this thread, is that each participant seems to assume that one, but not both, of the following statements are true:
  1) It is wrong to take what isn't yours even if it is easy (i.e. because nobody has put security mesaures in place that can stop you).
  2) It is foolish not to have decent security measures in place.
  Now, I agree that the use of the term "stealing" in TFS was a stretch; but that has everything to do with the fact that the offense was one completely different from theft and nothing to do with whether the sites' security was as it should be.
  The thing is, what constitutes "decent security" depends on the society and the situation. There are many places in the world where even today it is considered normal not to lock the doors of your home. This does not magically mean those places don't have property rights.
  When 3rd party harm is a concern (securing a gun, etc.), the standards are different -- but even then the guy who takes the unsecured gun and abuses it is not blameless even if the gun owner also isn't blameless. With the world of botnets, etc., networked computers belong in a category somewhere more sensitive than an electrical outlet on your porch but less sensitive than a gun.
  "There's an old saying that your freedoms are only valid to the extent that you're able to defend them"
  One of the principle means by which we defend our freedoms is by organizing into a society of laws.
Forget the wikis... by fucket · 2009-04-12 16:11 · Score: 5, Funny

...I want to hear more about these MILF admins.
SlashdotFS by goombah99 · 2009-04-12 16:21 · Score: 5, Funny

Apparently they don't know about SlashdotFS. This system uses an english hidden markov model sentence constructor to generate plausible comment text and save it as reply's on slashdot. The path through the markov model is variable having multiple word choices at each node so it can encode arbitrary data and can be decoded by replaying the message through the same network model.
It was just a toy till 2003 when a pair of graduate students realized the information density could be dramatically enhanced by introducing spelling, gramatical errors, typo's and l337-speak into the model.
Comments encoding these are usually late posts in the discussion threat and frequently replied to by grammar nazi's.
It's now one of the major Warez dumping sites since it is particularly useful for immutable data of low value.

--
Some drink at the fountain of knowledge. Others just gargle.
1. Re:SlashdotFS by adavies42 · 2009-04-12 16:31 · Score: 5, Insightful
  
  this is terrifyingly plausible
  
  --
  Media that can be recorded and distributed can be recorded and distributed.
  -kfg
2. Re:SlashdotFS by dangitman · 2009-04-12 18:01 · Score: 5, Funny
  
  Comments encoding these are usually late posts in the discussion threat and frequently replied to by grammar nazi's.
  Replied to by the grammar Nazi's what?
  
  --
  ... and then they built the supercollider.
Re:Why???? by Cyberax · 2009-04-12 16:48 · Score: 5, Insightful

You're abusing TOR network, it was NOT meant to be used for high-bandwidth applications.
Please, stop doing it. Exit nodes do not have unlimited bandwidth.
Re:It may not be theft... by palegray.net · 2009-04-12 22:19 · Score: 5, Insightful

You couldn't be more wrong. When it comes to proof-of-concept research that illustrates a vulnerability, "If I didn't do it, somebody else would" is one of the noblest defenses known to man.

--
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.