Bye, Bye Scroogle – Alternative? We’ll Miss You!

Yep  Scroogle has gone alas,  it had a purpose, it was useful and the owner had an attitude – but at time of writing sadly, there’s no Scroogle alternative.   To be honest it doesn’t come as a big surprise, for the last few weeks it’s been pretty much unusable for a variety of reasons.

A few days ago the owner Daniel Brandt announced  –

“Scroogle.org is gone forever,”

You might think what a drama queen, or perhaps so f**kin what – but it’s kind of a sad day for all of us with a brain.

But first perhaps we should say what Scroogle actually was – and that is simply a proxy for the Google search engine.  Instead of all your queries being logged, recorded and monitored in order to build up some sort of creepy online profile of you – Scroogle acted as a man in the middle. It was a like a trusted friend who wouldn’t make judgement, wouldn’t log the request for future gains and certainly wouldn’t sell your profile to Tesco to add to their Clubcard profiles (note to US readers – this makes no sense to you)

So if you wanted to search for ‘pornographic pictures of sexy ladies dressed up as members of the Stasi’ , then your East German security fetishes would be strictly private, meaning Google wouldn’t have made a little addition to your online search profile.

Which meant you had a little more privacy, your every internet searching whim was not added to a online profile or buyer’s list held by some bunch of corporate tossers. So for this to Daniel – I say thanks and am very sorry to see him go. Now the reasons for the end of Scroogle where apparently due to two main reasons,

  • Google throttling Requests
  • Many DDOS attacks on the site.

Now both are equally feasible and apparently both were happening.  Scroogle has been around for nearly ten years which is a long time in Internet years and Google could have closed it down at any point.   They have always limited the number of search requests from a single IP address  – so Scroogle would have tripped this many times with only about 6 servers and a limited number of IP addresses.   So did the Google guys finally have enough and tighten the screw?   I’m not sure, it’s not great publicity for them if they did and the impact on their profits were certainly negligible – but this requires further research !

The other problem which hastened the demise much more quickly was the increasing number of DDOS attacks.  These are just blunt attacks designed to bring servers to their knees,  easily orchestrated either with minimal technical knowledge or a few bucks to spend.  Daniel Brandt apparently was very outspoken and frequently upset people so he’d probably made a lot of enemies.  It’s a sad blow though, again showing that cyber bullies exist on all sides of the divide – the fact is you can use a DDOS attack on any web server in existence.  It’s the lead pipe of the cyber world, if you disagree with someone online you can just pay a few bucks to take out their web site/blog etc.

I don’t know who Daniel upset or why – but the loss of Scroogle is surely an own goal!!  Will it ever be reported on mainstream media?  Will we see reports on NBC, Fox or the BBC – probably not.I was going to rant further on this issue and put in a selection of secure search engines that still exist but I’ve suddenly discovered a rather full bottle of 10 year old Laphroaig whisky – if you’ve tasted it you know why I can’t concentrate now.   Adieu……………

 

PS

Will post up the list of secure search engines in my next post.

Blocking Anonymity – China and TOR

There’s loads of places where it’s pretty simple to bypass the blocks and restrictions that Governments put up. In reality a lot of countries have no access to the skills, equipment and in some cases the will to ensure that they really do control access to the internet. For instance in Turkey, there are a lot of sites which are officially blocked like Gay and Lesbian groups ( serious sites not porn) but thousands of people access every day with no problem.

Subscribing to a anonymity service is quite common in many countries, not particularly due to the privacy issues but more because they want to access TV and media sites in other countries. The Geographical blocks that stations like the BBC and Hulu put above are easily circumvented by using a security program like . .   In fact if you speak to these companies you’ll find that 95% of the traffic is related to watching video and not to secure or private browsing.   In Identity Cloaker for example you can turn off the encryption to increase speed which is what many users do. Then people select the proxy server that they need – anything from an Australian proxy or a French, German or British one.

However the simple Geo blocks of the media companies are much worse for many people – for instance in China.  Whilst many countries are as mentioned pretty hopeless at controlling internet access – the techies behind the Great Firewall of China are very switched on indeed.

TOR Access Block

TOR is free software which links to an open network run by it’s users, it’s designed to provide anonymity online and let users bypass blocks and firewalls.   It does have it’s problems mainly based on the open format of it’s network – you relay traffic through other users computers.  As such there are security problems and it can be painfully slow to use.  But it is very difficult to block as you are not reliant on specific servers and there’s no specific IP addresses you can restrict access to.   But the Chinese have reportedly been block TOR users for several months.

The security team at Team Cymru have recently investigated how the Chinese Government was blocking access made to the TOR network.  It’s pretty interesting reading and demonstrates that the Chinese are actively combating the use of Tor through the Great Firewall of China.   Every time a user connected to a one of the Tor Bridges (which relays the connection through the Open network) then probes would be sent out from a Chinese IP address.  The probe was only sent if a connection was made to port 443 (HTTPS) in which an SSL negotiation was performed, any non secure connection did not cause the probe.

The probe was extremely sophisticated and designed specifically to connect with Tor, even able to communicate using the Tor Protocol.  As soon as one  of the probes was received the connection of the original Tor User was blocked by the Chinese Firewall and the connection dropped.

The team Cymru researcher was able to identify how the Tor connection was been identified.  The Tor handshake was located by inspecting inside the packet and locating the specific SSL ciphers used by Tor to establish the handshake.

Pretty heavy stuff,  to utilize this level of Deep Packet Inspection requires very sophisticated technology and obviously teams of people actively researching  how to block anonymity systems like Tor!

You can read the full details of this research conducted by Tim Wilde of Team Cymru here – Great Firewall of China Tor Probing.

Apple iOS Hacker Banned

You’d think computer companies would learn wouldn’t you, when you see someone who points out a problem with your code, hardware or processes then you should thank them, embrace them – heck employ them if you can.   Apple however have failed dismally in their response to Charlie Miller’s assistance on highlighting the problems in the App Store security process.

Photo Charlie Miller – Twitter@0xcharlie

I means there’s two types of people out there who do this sort of hacking – white hat guys like Charlie Miller who will demonstrate the vulnerabilities, publish proof of concepts and let the company know. Of course it can be slightly embarrasing sometimes when you’ve dropped a bit of a clanger but there is an upside.

The upside is that the other type of people don’t get chance to figure it out – the Bulgarian uber hacker working underground for a Russian or Brazilian cyber criminal gang who exploit the hole after they’ve found it.

So what did Charlie Miller actually do?

Well it’s probably best to let the author demonstrate – make sure you watch it until the end to see the full extent of what this hack is capable of !

Pretty incredible heh!! The potential of this in the hands of the bad guys is probably what scared Apple and made them act like a spoilt brat by kicking Charlie Miller off the iOS developer program. White hat hackers as talented as this guy should be treated a bit better even if he did perhaps break a few little terms and conditions to illustrate the vulnerability.

I haven’t thought about the criminal possibilities of this but I am sure there are many beyond downloading everyone’s address book. I confess I’m still stuck on the prank possibilities of having every iPhone on the planet vibrate at exactly the same time. Pointless but fun and pandering to my inner megalomania without causing any real harm! If only I was as clever as Charlie Miller !!

Hopefully the kicking Apple is currently getting in the online media for their reaction will make them think again. Perhaps in some high up meeting somewhere in Apple Towers it will occur to someone that they should be actually thanking this guy. Otherwise they should get worried if he starts taking long holidays in Moscow next year.