lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4735EA56.3010900@observed.de>
Date: Sun, 11 Nov 2007 02:28:54 +0900
From: Paul Sebastian Ziegler <psz@...erved.de>
To: bugtraq@...urityfocus.com,
	full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Standing Up Against German Laws - Project HayNeedle

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Dear Infosec community,

as most of you may have heard the German government passed a law today
that will lead to all connections being logged for 6 months. This
includes phone calls as well as all internet connections.

This is madness for various apparent reasons. In times like these it is
necessary to stand up against it. Of course not by committing crimes but
by attacking the flawed logic behind those laws itself.

There are many approaches to this. And I am sure (and I really hope)
that there will be many more taken. This is just one approach that came
to my mind today.

Introducing Project HayNeedle.
A tiny spider-like program written in C# that will create connection
sessions on it's own thus trying to create plausible deniablility. It
runs within the .NET framework and was tested on Linux and Windows XP.
If it runs on your OS, drop me a line, if it doesn't send me a report.
It should run on almost any OS supporting Mono.

The mechanism is quite easy: It searches Google for random words and
picks random pages among the results, then spiders from there (well it
is spidering except that it only follows one URL at a time within a
session thus simulating a user).

A long description of the idea behind it and the technique as well as
downloads of the sourcecode and binary can be found here (English and
German version):
http://observed.de/?entnum=126

Project HayNeedle is released under the GPLv2. So any form of patches,
ideas and constructive criticism is welcome. However for the sake of
everyones nerves I will not reply to any sort of aggressive and/or
flaming mails.

Many Greetings
Paul Sebastian Ziegler
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHNepUaHrXRd80sY8RCqprAKC/8EVMf/FVibcyLWc1ksnq9ZRT7ACg9FpS
4JpBVvHE1TI3ZPkvgSPXuGA=
=g7Qt
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ