Archive for the ‘Hacktivism’ Category

Introducing panic_bcast

Thursday, December 13th, 2012

panic_bcast is a network protocol panic button operating decentralized through UDP broadcasts and HTTP. It’s intended to act a panic button in a sensitive network making it harder to perform cold boot attacks. A serious freedom fighter will run something like this on all nodes in the computerized network.

How it works

1. An activist has uninvited guests at the door
2. The activist sends the panic signal, a UDP broadcast, with panic_bcast
3. Other machines in the network pick up the panic signal
4. Once panic_bcast has picked up the panic signal it kills truecrypt and powers off the machine.

panic_bcast was written with the intention to support any form of UNIX that can run Python. It has been tested successfully on Linux and FreeBSD.

To trigger the panic signal over HTTP simply request http://…:8080/panic from a machine that is running panic_bcast. Whichever will do.

Please note that panic_bcast is a beta and more sophisticated ways to prevent cold boot attacks are planned. You can view these plans by searching for the word “TODO” in the source code.

The source code is available on Github.

Remember kids: there’s no home for swap in opsec.

FortiGate censorship analysis

Monday, September 12th, 2011

The S23K, also known as the Pirate Bay tour bus, had boarded a Scandlines ferry from Trelleborg. We were a group of pirates and hackers on our way to Chaos Communication Camp 2011 in Finowfurt, Germany. There was free satellite WiFi available on board, and after a while me and my friend jaywalk of Telecomix discovered that one of the project’s home domains, cryptoanarchy.org, had been blocked for being a “malicious website”. With approximately an hour left from reaching Germany we found this to be a perfect opportunity to warm up.

The blockade of cryptoanarchy.org, filtered as a “Malicious Website” most likely triggered by the occurance of the word “anarchy” in the domain, was quickly evaded by accessing the site using HTTPS. SNI (Server Name Indication) was ignored. We found that airvpn.org was blocked on IP level and so was thepiratebay.org.

We found that blockades on the IP level were forwarded to port 8008 on the FortiGate gateway. Accessing the gateway directly gives a login prompt for disabling filters.

If you’re interested, their 756 page system manual is publicly available for download. If you read between the lines you’ll be able to extract information on how to work around their censorship or even disable it completely. :-)

FortiGate categories

  • Abortion
  • Abused Drugs
  • Adult Materials
  • Advertisements
  • Advocacy Groups
  • Alcohol and Tobacco
  • Arts and Entertainment
  • Brokerage and Trading
  • Business and Economy
  • Computer Security
  • Cult or Occult
  • Cultural Institutions
  • Dynamic Content
  • Education
  • File Sharing and Storage
  • Financial Data and Services
  • Freeware and Software
  • Download
  • Gambling
  • Games
  • Gay or Lesbian or Bisexual Interest
  • Government and Legal Organizations
  • Hacking
  • Health
  • Illegal or Questionable Information
  • Technology
  • Internet Communication
  • Job Search
  • Malicious Web Sites
  • Medicine
  • Militancy and Extremist
  • Military Organizations
  • Miscellaneous
  • News and Media
  • Nudity
  • Pay to Surf
  • Personals and Dating
  • Political Organizations
  • Pornography
  • Racism or Hate
  • Reference Materials
  • Religion
  • Search Engines and Portals
  • Shopping and Auction
  • Social Organizations
  • Society and Lifestyles
  • Special Events
  • Sports
  • Spyware
  • Streaming Media
  • Tasteless
  • Travel
  • Vehicles
  • Violence
  • Weapons
  • Web Hosting
  • Web-based Email

FortiGate classification levels

  • Unclassified
  • Cached Content
  • Multimedia
  • Search
  • Image Search
  • Audio Search
  • Video Search
  • Spam URL
  • Personal Privacy