Tag Archives: Peer-to-peer

Thwarting the VoIP Eavesdroppers

Interesting piece in Intelligence Online (subscription only) which mentions the growth of both software to intercept VoIP traffic, and services to thwart it. Companies mentioned: Amteus [company website] which “has developed secure software for Voice over IP (VoIP) communications but also for e-mail and file swaps.” Amteus basically works by establishing a peer-to-peer connection and encrypting with a one-time key. On the other side of the fence, the article says, are companies “like Israeli firms Nice Systems and Verint as well as France’s Aqsacom, are already marketing solutions to break into and record telephone conversations on the Internet.” [all corporate websites]

An interesting world
 

From the Ashes of Blue Frog

The Blue Frog may be no more, but the vigilantes are. Seems that despite the death of Blue Security in the face of a spammer’s wrath, the service has built an appetite for fighting back. Eric B. Parizo of SearchSecurity.com reports on a new independent group called Okopipi who intend “to pick up where Blue Security left off by creating an open source, peer-to-peer software program that automatically sends ‘unsubscribe’ messages to spammers and/or reports them to the proper authorities.”

Okopipi has already merged with a similar effort known as Black Frog and has recruited about 160 independent programmers, who are dissecting the open source code from Blue Security’s Blue Frog product. The idea seems to be the same: by automatically sending opt-out requests to Web sites referenced in received spam messages, the software over-burdens the spammer’s servers (or those of the product he’s advertising), as a deterrent and an incentive to register with Okopipi. By registering he can cleanse his spam list of Okopipi members.

Some tweaks seem to be under consideration: Processing will take place on users’ machines and then on a set of servers which will be hidden to try to prevent the kind of denial-of-service attack that brought down Blue Frog.

Possible problems: I noticed that some of the half million (quite a feat, when you think about it) Blue Frog users were quite, shall we say, passionate about the endeavour. These are the kind of folk now switching to Okopipi. This, then, could become an all-out war in which a lot of innocent bystanders get burned. The Internet is a holistic thing; if Denial of Service attacks proliferate, it may affect the speed and accessibility of a lot of other parts of it, as the Blue Frog experience revealed. (TypePad was inaccessible for several hours.)

Another worry: Richi Jennings, an analyst with San Francisco-based Ferris Research, points out in Eric’s piece that project organizers must ensure that spammers don’t infiltrate the effort and plant backdoor programs within the software. “If I’m going to download the Black Frog application,” Jennings said, “I want to be sure that the spammers aren’t inserting code into it to use my machine as a zombie.” I guess this would happen if spammers signed up for the service and then fiddled with the P2P-distributed Black Frog program.

Another problem, pointed out by Martin McKeay, a security professional based in Santa Rosa, Calif., is that spammers will quickly figure out that the weak link in all this is that it rests on the idea of a legitimate link in the email for unsubscribing, and that spammers will just include a false link in there. Actually I thought the link Blue Frog used wasn’t unsubscribe (which is usually fake, since if it weren’t it would then pull the spammer back within the law) but the purchase link. How, otherwise, would folks be able to buy their Viagra?

One element I’d like to understand better is the other weakness in the Blue Frog system: that however the process is encrypted, spammers can easily see who are members of the antispam group by comparing their email lists before and after running them through the Blue Frog/Black Frog list. Any member who is on the spammer’s list will now be vulnerable to the kind of mass email attack that Blue Frog’s destroyer launched. How is Okopipi going to solve that one?

BitTorrent’s First Victim

Hong Kong man jailed in landmark world web piracy case – INQ7.net:

HONG KONG– (UPDATE) A Hong Kong man believed to be the first person to be prosecuted for sharing movie files over the popular online Bit Torrent network was jailed for three months in Hong Kong Monday.

The jailing of 38-year-old Chan Nai-ming marks an international landmark in the fight against illegal online sharing of intellectual property, which movie, music and software makers claim is losing them billions of dollars annually.

Unemployed Chan, who called himself “Big Crook,” was found guilty two weeks ago of illegally distributing three Hollywood movies on the popular peer-to-peer Bit Torrent (BT) system.

Shutting Skype Out

Who actually pays for Skype? How about the network operators, who have to put up with all the extra traffic? And what are they doing about it? A piece from VOIP Planet, Keeping Skype @Bay, points to the arrival of products specifically designed to block Skype (and other p2p traffic) from their networks:

Skype is the poster child for such ‘undesirable’ traffic, from the point of view of facilities based network operators, as the VoIP technology provider and its peers bring no network capacity to the party; they essentially piggyback on others’ pipes.

And this is not just a minor nuisance.

Monty Bannerman, president and CEO of Verso, pointed out to VoIPplanet.com that NANOG [the North American Network Operators’ Group] has probes all over the primary backbones. “They’ve been able to measure the rise in peer-to-peer traffic,” Bannerman said. “The last stats I saw—and that was at least a year ago—at that point over 30 percent of the backbone was p2p traffic—and rapidly growing.” This is traffic that brings in not a penny for the carriers whose networks the p2p traffic traverses.

For smaller network operators this is poison, the piece says:

“It’s one thing if you’re just having a rise in certain kind of traffic and it’s driving more capacity and people are buying bigger pipes from you as a carrier. But if that same traffic is robbing your paid subscriber base, it’s like eating poison every day,” Bannerman said. “There are really two camps here,” Bannerman continued. “There’s the p2p camp that says Skype’s an incredible new thing that everyone loves, but if you’re watching your business model being eroded every day, you’re in the other camp.”

Certainly the company mentioned, Verso, makes no bones about the fact it’s Skype they’re offering to block with their products. In a press release issued on Sept 14 it says of Skype calls:

However, these calls typically run through multiple carriers’ IP networks and consume large amounts of bandwidth. This traffic runs outside the traditional carrier revenue generation models and is therefore highly undesirable for them. Furthermore, carriers currently do not have a feasible way to separately monitor and restrict this type of traffic on their network. Verso’s new technology would fill this void.

Five days later, in another press release about its new NetSpective 2.0 Enterprise Filtering Technology, it mentions Skype again, aiming at somewhat different concerns:

Additionally, the application specifically targets and blocks Skype software, which enables users to utilize the Internet to place undetectable and un-monitored voice calls to another end-user running a Skype application, leaving enterprise organizations open to a variety of liabilities and potential virus infections.

That’s interesting. Undetectable and unmonitored calls? What about mobile calls?

What’s also interesting about this is that Verso has its own VoIP product. One can’t help but wonder about the legal and ethical aspects of blocking one VoIP carrier’s traffic while offering your own product. Indeed, the VOIP Planet article specifically quotes Verso president Monty Bannerman as saying its filtering software could distinguish between certain kinds of traffic, so it “could actually degrade certain types of traffic—or prioritize others.”

I imagine this kind of thing is going to come to center stage as Skype (and competitors) grow. And as VOIP Planet says, there are regulations about this kind of thing, though they differ from country to country.

[Andy Abramson of VoIP Watch has an interesting take on this debate.]

Opera Offers Support for BitTorrent

Opera has today launched a ‘technical preview’ version of its browser that includes support for BitTorrent, the protocol for distributing files via peer-to-peer that utilises both downstream and upstream bandwidth and spreads the load among different servers. As far as I know this is the first mainstream program that offers inbuilt support for what could become an increasingly controversial medium (please correct me if I’m wrong, but I know of no Firefox plugin for BitTorrent files).

The press release explains as follows:

Oslo, Norway – July 7, 2005: Opera Software today launched a technical preview (TP) of the Opera browser for Windows, Linux and Mac that includes support for BitTorrent. Integrating this popular file-downloading technology in the Opera browser offers the end user a faster download process by utilizing full bandwidth and reducing the chance of in-transfer delay when multiple users download the same file.

Its BitTorrent Resource page explains that Opera treats BitTorrent as just another protocol, like FTP and HTTP. This is not Opera turning browser users into BitTorrent hosts:

By offering BitTorrent in a technical preview of its browser, Opera seeks to broaden the appeal of downloading legal torrent files. Opera does not encourage the use of BitTorrent, FTP and HTTP protocols for downloading illegal, copyright infringing material.

I must confess I haven’t used BitTorrent a lot, but it clearly is popular and has huge potential. Part of the reason I haven’t used it too much is that the software I’ve used, tho simple, isn’t quite as intuitive as one would like, so the idea that the browser might make it as easy as downloading an ordinary file might propel usage into the mainstream.

Could The Fake Beheading Have Been Proven Earlier?

I know it’s easy to be smart after the event, but were there enough clues on the Internet for journalists to have figured out the Benjamin Vanderford video was a fake before AP and others published the news?

There were some clues, at least. From the video we were able to know his name and his home town, even his home address. From that, checks on Google would have thrown up the following at the very least:

  • He, or someone with the same name, was running for office: A piece on The Examiner website on May 31 mentions “Benjamin Vanderford, 22-year-old political independent, musician and video-game programmer” as being a District 4 candidate and a member of something called the Candidates Collaborative.
  • sfbulldog, an online resource for politics and the arts, also mentions Vanderford, or someone with the same name on May 22, who was, according to the author H Brown, “smarter than me (not saying a lot, I know) … has great web site and hell of a sense of humor. Fine young writer. A future in politics if he’s serious and could shock everyone if his web site catches on.” Unfortunately the website address mentioned is not cited. (It was possibly this one, mentioned on the Northeast Intelligence Network in its early assessment of the video but not cited. The link itself is no longer active.)

Already, however, we’re getting a picture of someone who seems likely to be the Vanderford in question, since he’s from that town, appears to be the same age, and is the only Benjamin Vanderford in the San Francisco area. He’s also a guy with a sense of humour, running for office, smart and with a website worth checking out. What’s he doing in Iraq, and why is there no mention of that fact?

That, I suspect, should be enough. Did any journalists try calling his home to confirm? Vanderford says he had circulated the video on P2P networks such as KaZaA for several weeks. Would a savvy journalist have been aware of this? Perhaps not. But as The San Francisco Chronicle points out, usually material which is gathered from the Internet carries qualifying phrases. But this time the fact that the video had appeared on an Islamic website that has in the past posted communiques and videos from Islamic radical groups appeared to be enough to convince several news agencies to go ahead.

Bottom line: Any material that appears on the Internet should be checked, wherever it appears. In this case, with the guy’s name and address so clearly stated, it would seem to make sense to make some rudimentary checks first before announcing he has been killed.

News: From Kazaa To Skype

From Estonia comes news that the guys behind file-swapping legend Kazaa are launching an Internet phone service they claim could put traditional phone companies out of business. AP says the service, called Skype, purports to offer free, unlimited phone service between users with sound quality near to existing phone lines.
 
 
Skype users — and there are already more than half a million of them — can currently use the program only to talk to each other, but it could later be enhanced so someone could call other types of programs, or even regular landline and cell phones. The program directs peer-to-peer data through the quickest networks, ensuring that quality isn’t degraded. Privacy is ensured through encryption.