Tag: proxies

Some Useful Proxy Definitions

If you’ve searched around looking for secure proxies to use, you’ve probably come across these three definitions –

  • Transparent Proxy
  • Anonymous Proxy
  • Elite Proxy

None of these definitions is set in stone, but most sites use them to describe the different levels of security and privacy afforded by a particular proxy. The three definitions are explained here on this video.

However, if you don’t want to listen to the video, here are the basic concepts.

Transparent Proxy
This is a very basic proxy server which provides very little security or privacy. It simply forwards all parts of the request without any restrictions at all, including your real IP address. The web site you visit will be aware of your real address and of the fact that you are using a proxy to access it. It’s commonly used merely to speed up internet access, particularly by caching popular pages. If you want some security or privacy, then you need to use a different type of proxy server.

Anonymous Proxy
These are probably the most common form of proxy, particularly if you’re looking at free ones. This server will hide your real IP address from any web site you visit. However, it will normally forward some information in the form of HTTP headers. This could include information about the proxy software, the IP address of the proxy etc. It does offer a certain level of privacy in that it will normally protect the client address, but a lot depends on individual configuration settings.

Elite Proxy
This proxy offers the highest level of security and privacy, similar to a VPN but not necessarily with the encryption. Not only does an Elite proxy hide your real address, but it also hides its own existence as a proxy server. Many sites block access to clients who are using proxies, so this can be very useful. The elite proxy server should forward the absolute minimum of information required and should look like a normal client itself. Again, though, a lot depends on how it is configured; some Elite proxies are much more secure than others. Also, just because something is labelled ‘Elite’ on a web site doesn’t necessarily make it true!
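The three labels above come down to which request headers reach the destination site. As an added example (not from the original post), the sketch below classifies a proxy from the headers an origin server receives; the header lists, the sample requests and the documentation-range addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

# De-facto headers that can carry the original client address (assumed list).
CLIENT_IP_HEADERS = ("x-forwarded-for", "forwarded", "x-real-ip", "client-ip")
# Headers that reveal a proxy in the path without naming the client.
PROXY_MARKER_HEADERS = ("via", "proxy-connection", "x-forwarded-host")

REAL_IP = "203.0.113.45"  # constructed client address (documentation range)
SAMPLES = {  # constructed header sets as the destination site would see them
    "transparent": {"Via": "1.1 cache01 (squid)", "X-Forwarded-For": "203.0.113.45"},
    "anonymous": {"Via": "1.1 cache01 (squid)", "X-Forwarded-For": "198.51.100.7"},
    "elite": {"User-Agent": "Mozilla/5.0", "Accept": "*/*"},
}


def _addresses(value):
    """Pull every parseable IP address out of a header value."""
    found = set()
    for token in re.split(r'[,;\s="\[\]]+', value):
        if token.count(":") == 1:  # IPv4 with a port, e.g. 198.51.100.7:3128
            token = token.split(":")[0]
        try:
            found.add(ipaddress.ip_address(token))
        except ValueError:
            continue  # not an address (e.g. "for", "proto", "unknown")
    return found


def classify_proxy(headers, real_client_ip):
    """Return (label, evidence) for the headers seen at the origin server."""
    real = ipaddress.ip_address(real_client_ip)
    lowered = {name.lower(): value for name, value in headers.items()}
    evidence = [n for n in CLIENT_IP_HEADERS + PROXY_MARKER_HEADERS if n in lowered]
    leaked = any(real in _addresses(lowered[n])
                 for n in CLIENT_IP_HEADERS if n in lowered)
    if leaked:
        return "transparent", evidence  # real address reached the site
    if evidence:
        return "anonymous", evidence    # proxy visible, client address hidden
    return "elite", evidence            # nothing in the headers marks a proxy


def classify_samples():
    return {name: classify_proxy(h, REAL_IP)[0] for name, h in SAMPLES.items()}
```

An "elite" result only means the headers carry no proxy marker; it says nothing about how the proxy is configured otherwise.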

Beware these Facebook Knickers

It’s getting pretty tough out there on the web, and now the once fairly safe world of social networking is getting dangerous too.  Now I’m paranoid, really paranoid online and allegedly should know what I’m doing. I have some of the best security certifications and tons of Microsoft exams (although did cheat a bit on those – sorry Bill), and a lot of DNS experience.  But I am getting pretty darn close to clicking some sort of virus ridden link, this stuff is getting very real, very quickly.

A few years ago, most of the online scams involved extremely crap emails (usually from Nigeria) with hopeless stories about dead relatives/princesses/benefactors wanting to leave money/swindle governments/etc. Their spelling and grammar were awful and they used words like ‘modernity’ which made you think what the f#ck is going on.  This was good, it was stupidity, perhaps desperation so therefore at least the damage was minimized.  But of course it still caused wide scale misery for lots of trusting or perhaps greedy individuals.

It’s changing though, and changing quickly – the crappy scam emails from Nigerian benefactors are going, they are now different.  They are now plausible, well written stuff with the occasional deliberate spelling mistake added for realism.  What’s worse for the depraved, drunken, half witted (I qualify on several) they’re getting subtler.

How about this – appearing on your Facebook page.

virusknickers

 

Let’s be all professional here – it’s a picture of a young lady standing in her underwear at the start of a video.  For a start, most males under 80 would by now have clicked on the image and I can’t say I blame them.  It looks like a webcam, it looks like she’s going to take some more stuff off.   But what happens is you get prompted to install an update to Adobe Flash before you can view it. Which, let’s face it, sounds legit and many would proceed; this is the point where you’re caught and all the dodgy stuff gets installed on your computer – oh  f**K you may think.

It’s worse because it’s in a safe feeling environment like Facebook, you think you’re protected, but you’re not. I confess I would have fallen for this myself, my security training would have counted for nothing – I was saved by my OCD.  Come on girl, hang that bag up somewhere properly, don’t leave that red sock on the floor.  I am aware of how sad I have become.

It’s clever on many levels, the video appears to play for a few seconds (but that’s actually an animation in the image), all the URLs are shortened and encrypted.  The end result is that it installs a Trojan Agent which spreads via your Facebook account.

So the conclusion?  She may be a hacker’s deception, but I wish I could have watched the real video.  Perhaps they’ll send the real one out next week 😉

Russians Caught Out by IP Address

It’s astonishing to think that a Russian state media channel would go around changing Wiki pages in order to pass blame in a different direction. But it is possibly even more amazing that they were stupid enough to do it from a PC connected with an IP address registered to their company, no proxy or VPN like this!

So what’s happened is that a journalist or other person employed by the All Russia State Television and Radio Broadcasting Company (VGTRK) has sat in the office and changed a story about the Malaysian Flight MH17 air disaster.

In the very likely true initial version the sentence read –

“by terrorists of the self-proclaimed Donetsk People’s Republic with Buk system missiles, which the terrorists received from the Russian Federation,”

However an hour later that was modified to this –

“The plane was shot down by Ukrainian soldiers”

Maybe they were hoping that the edit wouldn’t be noticed, in fact it was picked up by a Twitter bot, but the reality is that the edit would be visible for years to come. Russia seems to have lost a bit of ground in the digital propaganda wars, modifying such visible sites whilst using an IP address registered to the Russian government is a bit hopeless unless you wanted to get caught and look even more guilty!

russianwiki

It seems that the realisation that we are all tracked and logged by our IP address still has not dawned on many. I mean, you would have thought the Russian Government would have a few paranoid ex-KGB types to figure this stuff out. Reports are all over the news of American and UK agencies routinely monitoring huge amounts of internet data. Sneaking an edit into a Wikipedia page looks rather amateurish, especially without using a fake IP. It’s rather good to know that there are a lot of bots out there routinely monitoring activity on these sites from known addresses of the world’s governments.  Although it also worries me slightly that they keep catching them out so easily.

Divine Internet Filtering

Now I’m not very religious, but have no real problem with those who are.  Obviously, excluding those who want to kill me, blow me up or have me imprisoned – anything like that.  However I do think that secular governments seem to work better, at least with regards to democracy simply because most places have many people of differing faiths – I’d argue history supports this view.

It also in my opinion works best with other areas, such as internet access. For example, Saudi Arabia has a very fast and efficient telecoms infrastructure; the speed in some of Riyadh’s 5 star hotels is absolutely incredible, absolutely no buffering over Wifi while watching BBC iPlayer.  But unfortunately with this 21st century technology comes an almost medieval implementation.

I am referring to the way that Saudi Arabia censors the internet, or specifically the ISU who are based at the King Abdulaziz City for Science and Technology.  For a 21st century techno geek like me, alarm bells started ringing when I read the ISU statement on why they filter the internet –

God Almighty directed humanity in the Noble Qur’an in the words of His prophet Joseph: “He said: My Lord, prison is more beloved to me than that to which they entice me, and were you not to divert their plot away from me I will be drawn towards them and be of the ignorant.  So his Lord answered him and diverted their plot away from him, truly, He is the All-Hearer, the All-Knower”  Yusuf(12):33-34

You can see the filtering statement here.

http://www.isu.net.sa/saudi-internet/contenet-filtring/filtring.htm

Now I’ve written a fair few acceptable use policies in my time, but I confess I rarely reference religious scriptures. It will come as no surprise to find that in general the internet filtering operated by the Saudi Government tends to focus on repressing opposition and promoting their religious beliefs.

The sort of sites that are blocked are things like the Saudi Human Rights organisations, Free Speech Coalition and the Voice of Saudi Women. Lots of journalists are filtered; in fact they once blocked all of Blogger because a couple of blogs were being used to raise awareness of issues within the Kingdom of Saudi Arabia.

saudi internet filter

This is the cheerful message you get if you try and access one of the many thousands of blocked websites. Be especially careful in Saudi Internet cafes, where hidden cameras were installed in 2009 and the proprietors are forced to supply names and addresses of customers on demand.

They use a system called Smart Filter to block access to all these websites. It’s nothing very complicated though and most people are able to bypass it using proxies, VPNs or specialised software – like this.

Why Can’t I Use a Proxy

We’ve all been there – you’re stuck in work or school, and frankly bored out of your brain.   Sure you have internet access but all the most interesting sites are blocked –

  • Facebook Blocked
  • Youtube Blocked
  • MySpace Blocked
  • World of Warcraft (games and forum) Blocked

So why’s it happening and what can you do about it?

Your company or school controls your access to the internet at several points and is blocking your access at several levels.

The first control is probably through their own proxy server.  If you go and look in Tools/Internet Options/Connections/LAN Settings or something like that in different browsers you’ll probably see a proxy server set.  That address will be a server controlled by your company, through which they force all internet traffic.  If they’ve done a decent job you won’t be able to change this.

The settings will normally be deployed by something called GPO (Group Policy Objects), which are the way most organisations control what their computers look like.  These apply settings like specific desktops, screensavers and Internet Explorer settings each time you boot up your computer.

Therefore absolutely everything you request goes through the company proxy server.  You might think you’re being clever searching for ninja proxy sites on the internet but I’m afraid you’re not.  All you are doing is creating a log of you searching for ‘ninja proxy sites online’, and letting administrators know you want to bypass their settings. The proxy server will be set to filter out all such requests by a variety of methods.  The most common one will be a huge list of URLs containing all the dodgy one page, Glype proxy installations online.

So you need to bypass this proxy server, or do you?

If the organisation has their network set up properly then even using an alternative browser or modifying the proxy settings in IE will not work anyway.  The reason is that your company firewall, the hardware device which controls all the traffic in and out of your network, should only allow web traffic out from one specific address – the proxy server.   So forget about specific IPs, free web proxies or anything specific like a UK VPN or proxy until you figure this part out.  Remember, in this scenario if you bypass the company proxy then your request will not get through; it needs to come from that specific IP address or it will get blocked.

Then a couple of things might happen –

  • The alert will be flagged on the firewall (Web requests from an incorrect internal client)
  • The administrator will track down the PC and find out it’s been modified.

But don’t worry, in reality probably nobody ever looks at the logs, and most firewalls generate so many alerts that nobody ever looks at those either.
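The firewall alert described above (web requests from an incorrect internal client) can be pulled out of the logs with a short script. This is an added example, not part of the original post; the log format, the proxy address 10.20.0.10 and the internal range 10.20.0.0/16 are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

PROXY_IP = ipaddress.ip_address("10.20.0.10")        # assumed proxy address
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")  # assumed internal range
WEB_PORTS = {80, 443}

# Assumed log layout: timestamp, action, protocol, src:port -> dst:port
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

SAMPLE_LOG = """\
2024-01-10T09:14:02 ALLOW TCP 10.20.0.10:40112 -> 198.51.100.20:443
2024-01-10T09:14:05 DENY TCP 10.20.4.17:51522 -> 203.0.113.80:443
2024-01-10T09:14:06 DENY TCP 10.20.4.17:51523 -> 203.0.113.80:80
2024-01-10T09:15:40 DENY TCP 10.20.7.3:49811 -> 198.51.100.99:25
2024-01-10T09:16:11 ALLOW TCP 10.20.9.44:50233 -> 203.0.113.9:443
garbled line that does not parse
"""  # constructed sample, documentation-range destinations


def direct_web_egress(log_text):
    """Group web requests that did not come from the proxy by internal source."""
    hits = defaultdict(lambda: {"denied": 0, "allowed": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed layout
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue
        if src == PROXY_IP or src not in INTERNAL_NET:
            continue  # traffic from the proxy itself is expected
        if int(m["dport"]) not in WEB_PORTS:
            continue
        rec = hits[str(src)]
        rec["denied" if m["action"] == "DENY" else "allowed"] += 1
        rec["first"] = rec["first"] or m["ts"]
        rec["last"] = m["ts"]
    return dict(hits)
```

A non-zero "allowed" count is the more urgent finding: it means the firewall let web traffic out from a client other than the proxy, so the egress rule itself has a gap.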

The point is your searching for online web proxies is simply a waste of time.  To bypass most corporate proxies you need to go through that proxy and not around it.  Through it because any other originating IP address will get blocked and may possibly wake up your IT Department.  But you need to stop the proxy blocking access based on the content (what you are requesting) and the URL (the actual site you want to visit).

There are two things you can do to allow this – first you need encryption so that nothing can see inside your web request and secondly you need some low key server outside the network to relay your request.  These two requirements, if implemented correctly, will allow you to tunnel through any corporate network firewall or proxy and also keep your surfing private from the administrators and logs.   I should point out that the new generation of Smart DNS servers like this may be more effective in a lockdown environment than standard proxies, although it’s likely you’ll need admin access on your local PC in order to modify the network settings, as generally these will all be assigned automatically via DHCP.