Slashdot Log In
The Breaking of Cyber Patrol 4
from the what-they-don't-want-you-to-see dept.
Their announcement:
"March 11, 2000 - ANNOUNCEMENT
Cyber Patrol(R) 4, a "censorware" product intended to prevent users from accessing undesirable Internet content, has been reverse engineered by youth rights activists Eddy L O Jansson and Matthew Skala. A detailed report of their findings, titled "The Breaking of Cyber Patrol(R) 4", with commentary on the reverse engineering process and cryptographic attacks against the product's authentication system, has been posted on the World Wide Web at this address:
http://hem.passagen.se/eddy1/reveng/cp4/cp4break.html
The abstract of the report:
Several attacks are presented on the "sophisticated anti-hacker security" features of Cyber Patrol(R) 4, a "censorware" product intended to prevent users from accessing Internet content considered harmful. Motivations, tools, and methods are discussed for reverse engineering in general and reverse engineering of censorware in particular. The encryption of the configuration and data files is reversed, as are the password hash functions. File formats are documented, with commentary. Excerpts from the list of blocked sites are presented and commented upon. A package of source code and binaries implementing the attacks is included.
Eddy L O Jansson
srm_dfr@hotmail.com
http://hem.passagen.se/eddy1/index.html
Matthew Skala
mskala@ansuz.sooke.bc.ca
http://www.islandnet.com/~mskala/"
Re:This is bad for out children (Score:5)
Censorware is not the only solution, as you would have us believe. As a parent, I feel it is my duty to draw and enforce the boundaries within which my little girl can live, play and learn, whether it be in real life or on her computer. As sush, it is also my duty to personally monitor those boundaries to make sure she doesn't wander outside of them. As she gets older, those boundaries get wider and wider until, when she becomes an adult, I cannot set them anymore.
I cannot and will not abdicate this responsibility to a piece of software. This is, in effect, what the proponents of this software want us, as parents, to do. Right now, she has not discovered the Internet (like I said, she's only 4), but when she does, you'd better believe that I will be right there, helping her to discover new things on the 'Net, but always ready to enforce those boundaries that I and my wife have set for her. This, I think, will help her grow into a much more responsible and, yes, moral person than a collection of bits could ever hope to.
Meow.
What the US Govmnt thinks about anti-censorware: (Score:5)
---
Gear wouldn't comment on the findings, but Bruce Taylor, chief counsel to the National Law Center for Children and Families in Fairfax, Va.,
disputed Haselton's study.
"I don't trust that Peacefire is telling the truth," Taylor said. "It's all part of the cyberpunk revolution. They don't like the government telling them that they don't have free access to the Internet. It's like 'Lord of the Flies,' and they think they have the conch."
---
That condescending, patronizing bullshit opinion in and of itself is more than enough to put me in the mood to grab a pitchfork and prepare for the politicians-up-against-the-wall kind of revolution.
The issue is not with censoreware, folks, the problem is with the use of hidden and encrypted ban lists. If everyone could see and change those lists at will, then censoreware, while still standing zero chance of actually working, would at least be acceptable.
As for the issue of performance, I think it's a pretty simple math problem to determine the chances of any one product effectively filtering Pr0n on the great big lan - with the number of new sites coming up every day, the ability of Pr0n purveyors to change sites at will, etc, etc, the chance of a high success rate is pretty well near nil, even if you consider only the sites that play by the rules and allow themselves to be censored.
--
blue
Re:Legal Recourse? (Score:3)
In the US at least, this software is used by parents on their home machines... Parents have every right in the world to say what and what not their children can do and see on the internet on their home machines. It'd be awefully difficult for parents to configure proxy servers on their own that explicity block sites that they stumble across, not to mention the waste of effort. By using the software, parents are implicitly agreeing that they agree with the censorware's author's idea of what and what is not acceptable.
It's not like it should make much difference to many sites... I mean, kids don't generally have credit cards, so they can't order anything... All those ads also basically go to waste because again kids can't order anything they see promoted on various sites.
So far as the blocking of Peacefires site goes, that's probably acceptable as well... Why should parents go through the hassle of buying and installing the software if the kids can easily go to a site that gives them tools to circumvent this.
You have to realize, kids are not real citizens. Parents are in most cases liable for the actions of their kids... They have every right in the world to determine what constitutes acceptable use and what does not. It's not a denial of service attack...
Wow! (Score:3)
What I really got out of this article (Other than the obvious facts about censorware) is that security through obscurity is never a good thing. In this case, it just took some bright programming and some time with a decompiler.
What was even more entertaining is how limiting their key space for the hash algorithm actually improved the security (marginally) such that a dictionary attack was a bit harder. While not that much harder, the authors have an excellent point that security would be better with salts.
Kudos to these guys for a fascinating read and a good job engineering.
Re:There is a solution to this... (Score:4)
If you're not specifically looking for it, its very hard to come across, especially for kids under 10, who will no doubt be looking for pokemon sites and whatever. Kids 10-16, if they do go looking for it, what do you think their reaction will be? "Ewww Sick" or they laugh it off.
This kind of content doesn't have as much effect on children as some people would have you belive.
-- iCEBaLM
Re:There is a solution to this... (Score:5)
To be perfectly honest with you, if I had children, I wouldn't care one way or the other if they see hard core porn.
Why you ask?
Because all kids do it, I know when I was 10 or 11 I found my brothers porn mags and looked through them, curiously. It didn't scar me for life, it didn't make me go into violent convultions, it didn't kill me.
For gods sake here, all it is is a couple of naked bodies having sex, who cares! Kids can undress and look at themselves too ya know. These puritan mores in our society sicken me.
When it's all said and done, it's not about sheilding your children from nudity and sex, because they are going to see it eventually whether you like it or not. It's about bringing up well adjusted children who are able to handle it.
-- iCEBaLM
Re:There is a solution to this... (Score:4)
The solution is to stop thinking in terms of keywords/phrases and manually-compiled lists of sites. These are methods that have been shown to consistently loose.
My mother is a primary (elementary) school teacher, and the use of CyberPatrol is mandated by the Education Department. It blocks searches for the phrase black cockatoo (a common Australian bird) because it contains the substring black cock. This kind of mistake is unvavodable in a pattern-matching system.
Decryption of block-lists by Peacfire and friends have shown us quite clearly that these lists are compiled in a manner that is not just sloppy, but actively malicious.
The solution is to implement a scheme of probability of content type in exactly the same way that Google does it. If lots of known porn sites, or sites with a high occurrence of "bad" words link to a given page, then that page is very probably filled with porn.
Another technique is to look at combinations of factors. If a page scores highly in "sex" category, but also in "psychology" then it is probably safe to assume that it is a research paper on human sexuality and not porn. Similarly, if a page contains the words nude and supermodel but has no images or hyperlinks, then it is probably innocuous.
If anyone from Google is listening, how much to license your technology and database?
Re:What the US Govmnt thinks about anti-censorware (Score:4)
Of course, the bizarre thing about these programs is that they are a product which you sell to people which are designed to cripple their computers. If the software were efficient and trustworthy, of course, we could probably find it acceptable for use by home users who feel a need to install it on their (or their kids) PCs. (I'm not even going to get into the problems of public institutions inflicting these things on people, that's another debate.) However, what we have are a lot of people in the business of giving people a false sense of security.
I can some it up by paraphrasing (I don't remember the exact quote) an exchange between Homer Simpson and a con man:
Con Man:Now I could sell you a fancy security system with a lot of bells and whistles that doesn't really work.
Homer:Yeah, let's get that one!
The point is, how do these people get away with selling people software that doesn't actually work? I mean I could probably come up with a simple software program that would block exactly 50% of the World Wide Web (without checking content at all, just randomly blocking every other page) and say, "My product blocks more porn, violence and Satanic sites than any of my competitors." I could even (if I were able to hide my identity as a Libertarian rabble rouser) possibly get defenders from these AFA type associations provided my rhetoric was correct. The worst thing though is the lucerative government contracts some of these companies are starting to get. Believe it or not, these companies are probably only getting into this for the money, but once the money starts coming in they will be willing to spend at least some of it to continue pushing these bad laws. The Cyber patrol press release about Australia is particularly troubling in that regard. I don't like it when people commit to censorship for ideological reasons, but I think that when you add people with $ signs in their pupils but who don't have any particular ideological commitment to censorship, you create a really bad situation.
Don't shelter kids (Score:3)
There is a solution to this... (Score:3)