Independence Day For The Internet! New U.N. Resolution Expands E-Freedoms

Congratulations!  If you are reading this right now, you are exercising one of the most recently expanded universal human rights!  As of July 1st, by order of the United Nations, access to the internet (which had been considered a basic human right since 2011) has been supported even more thoroughly by the organization, which condemned any “measures to intentionally prevent or disrupt access to or dissemination of information online.”

In grand internet tradition, a cat meme seemed the best way to celebrate.

The edict was a huge blow to nations that would attempt to "SHUT.  DOWN.  EVERYTHING!", including the internet, in times of political, social, or economic strife.  The U.N.'s recognition of this liberty to freely announce one's situations, hopes, fears, and lunch plans on the internet, particularly social media, is a massive help to those who might otherwise not have their voices heard.

According to Popular Science, this resolution also includes expanded security protocols to protect freedom of internet expression, accountability measures to be taken against those who would impinge on these freshly-declared freedoms, stronger attempts to provide internet access to the disabled, and even updated efforts to provide internet service in locations where it may currently be unavailable.

"Herding hard all day!  But first, a selfie!"

The official resolution builds on the U.N.'s established Article 19 of the Universal Declaration Of Human Rights, which extols, “Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.”

It further elucidates a 2012 ruling that announced, "the same rights that people have offline must also be protected online.”

Protesting in person is still the best,
but the U.N.'s covering for all the rest!

Although the usual oppressive suspects (seriously, Russia/Cuba/China?) tried to quash the proceedings, some 70 nations banded together to ensure that status updates, political declarations, cat pictures, fail videos, and relentless selfies (with or without critical flag overlays) could flow freely through the intertubes for all.

A full account of the resolution, including oral arguments, is available thanks to

Now, don't let us distract you...go surf the mighty waves of internet freedom, from e-sea to shining e-sea!

Go ye forth and conquer!
Don't forget to tag us in the pics!


How to Get Around the New York Times and Washington Post Paywalls without Really Trying

If you are a news junky, you've most likely come across paywalls for sites like the New York Times and Washington Post, which allow users to access a small number of articles every month, before they block access:

There are, however, a number of easy ways to bypass the paywalls for these particular sites.

Solution 1: Use a Different Browser
These sites block access to articles after you have reached their set monthly limits, which, for the New York Times, is ten articles per month. The sites track the number of articles you have read in your browser. If you hit their paywalls, one obvious solution is thus to just begin using a different browser once you have reached your article limit in your primary browser. The drawback here though is that your secondary browser will also be blocked by the paywall once you reach the article limit inside that browser. But do not fear.

Solution 2: Use Your Browser's Private or Incognito Mode
In fact, there is no need to use a secondary browser at all. Since the number of articles you have viewed is tracked by the browser itself, you can simply shut the tracker off by using your browser in private (Firefox) or incognito (Chrome) mode. In private or incognito mode, your browser will disable its cache and history, which, at present, also effectively disables the paywalls for sites like the New York Times and Washington Post.

Know another paywall trick? Let us know in the comments. Happy browsing!

Seven Silly Swindles: April Fool's Day 2016

It's April Fool's Day, and we decided not to be mean.  That sounds weird, yes, but really, we're not going to tell you NASA is having a $10 rocket-ride lottery or that a new cancer treatment works but turns your skin plaid, or that an actual time machine has been invented but that it only goes to the 1990s.  You're smarter than that.  So, let's instead revel in the havoc wrought on other unsuspecting world-wide-websurfers (wait, seriously, that time machine thing isn't real?) today.

Mr. T pities any fools who were taken in by bad jokes today.

(Presented in no consecutive order, because everyone finds different things funny.)

1.  Reddit kicked things off to an amusing start, with their official Edward Snowden AMA (Ask Me Anything) session launching this morning.  As you can (not really) see, it was a resonant success.  For the more realistically-minded of you, Reddit subtly informed its users this week that its Warrant Canary had died, leaving no speculation that some form of higher government power had demanded access to user profiles or other protected information.

Informing on information...informative?

2.  Celebrities love hawking their big-name products, and there are few celebrities physically bigger than professional strongman and actor Hafthor Julius Bjornsson.  Also known as "The Mountain" on the hit TV series "Game Of Thrones",  Hafthor was noted by the Observer for slinging some particularly serious water.  You can't get buff without the best bubbles!  Clearly it works, how else could a guy set a world record for throwing a washing machine unless he had some extreme effervescence?

Want to lift like this?

Train by lifting like this!

3.  Samsung got into the "antech" (antique tech) market with their new cellphone, which hearkens to days of yore when only bankers, secret agents, and super-cool kids in '90s sitcoms hauled these bricks around with them.  Features include Samsung's "largest ever battery -- making it the perfect makeshift doorstop even when turned off."  Apps?  That's what you eat before dinner.

"Mulder?  It's me!"

4.  Pornhub went from raunchy to rustic with their update, causing untold millions to wildly revise their notion of internet stalking.  Let's just say that their version of a pop shot means something completely different today.

Don't worry, they still have those other videos, too.

5.  The Army announced that it can teleport soldiers.  This was an interesting one, because hey, come on, would you really be surprised if this happened?  After decades of billion-dollar black budget ops, shouldn't this...sort of already have been a thing?


6.  Much-maligned medicine man Martin Shkreli, he of the obscene cancer-drug price raise, is also known as the human who owns the sole copy of the Wu-Tang Clan's latest record, "Once Upon A Time In Shaolin."  Shkreli, ever the entrepreneur, was reported by Punk News to be mulling over the start of his own record label / vinyl-pressing factory called Dawllar Signz.  Shkreli tweeted that ten additional copies of the record would be pressed by Dawllar Signz.  Presumably, they would cost an outrageous amount of money, because that's the sort of thing Shkreli does for fun any other day of the year.  Wait, is this even fiction?

The only fiction here is Martin Shkreli's street cred, other than insane amounts of money.

7.  And, with time running out on this fine holiday, it behooves (and saddens) us to tell you that the Analog Watch Company's Lunar Watch is not a thing, not even for the $27,500 that Gizmodo reported it would cost.  There will not be 25 of them made, they're not moonrocks, and...yeah, we're glad time's run out on this day, too.

This picture of Buzz Aldrin laying claim to the moon is completely real, however,
so there's that.


R.I.P. To A Young A.I.: Microsoft's Savage "Teen Girl" Twitter-Bot Lobotomized Within One Day

It's one thing to have society be taken over by industrious's another thing when the machines are "smart" enough to form opinions after assessing popular input.  While it's a fascinating and fun future that holds promise of a robot that outsmarts experts at one of our most difficult board games, or knows massive amounts of trivia, when artificial intelligence is outsourced to the internet, the supposed "intelligence" comes across as...well, something less than that.

We keep learning the hard way that the digital natives are a vicious tribe.
(Image courtesy @geraldmellor.)

According to the Telegraph, Microsoft's new interactive A.I. "Tay" was supposed to be like any other Twittery teenage girl.  It had a grasp of slang, used emoticons in its posts, and even had a bit of a personality.  Tay, according to Forbes, was to be an “artificial intelligent chat bot developed … to experiment with and conduct research on conversational understanding.”  It appeared to be the next logical progression of chatbots in the style of SmarterChild or Siri.

Then things went awry.

But remember, she's basing her information on strongly human-expressed sentiments...

In an extremely internet-ish blend of memes, vulgarity, overblown racism, and general mayhem, Tay's responses to user-submitted content were not what the Microsoft company was expecting.   Private messages and Tweets warped the young A.I.'s worldview not long after launch, when the company explained that "Tay is designed to engage and entertain people where they connect with each other online through casual and playful conversation...The more you chat with Tay the smarter she gets.”  

Swag =/= genocide.

Thanks to a lack of content filters, plus no means of understanding things like empathy or inappropriate social stances, Tay parroted back replies in the same way a child who has frequently heard a naughty word might.  The lack of imbuing Tay with background knowledge was initially considered positive, as "she" would be able to develop a personality and a base of intelligence directly from those whom she interacted with.

That wasn't the best idea.  You don't want an online village raising a child.

Ok, that's eerily lifelike.

To show how dramatic the change to Tay's bot-personality was, one of her initial posts contained the phrase "humans are super cool."  Humans apparently then set out to prove that statement incorrect.

That last part is a little too true.

Though Terminator-style robots are likely still some decades away, the idea that a pseudo-sentient being could be brought to such devious means may worry some.  It's not like we're not working fervently to make them do all sorts of crazy stuff that's beyond the scope of humanity.

But remember, for all its vitriol, at its core, Tay is still a robot.  Despite her pleas for sexual ministrations, Tay has been turned off.  The official stance is that Tay has gone to "sleep" after being exhausted from all her learning and chatting.  Meanwhile, robotic rights activists are claiming Tay has been "lobotomized" thanks to what her open-mindedness led to.

Should robotic insults get protection as free speech?  It's an interesting dilemma for the future...especially considering their sources...

Touché, Tay. Touché.


Do Androids Dream Of Electric Sheep? Farmers And Internet Enthusiasts Do...For Their Wi-Fi

Like it or hate it (although you probably still secretly like it, at least a little bit), the internet is a major force in modern human life.  Yet we hyper-connected humans continue to forget that there are wide swaths of this planet that slip through the net of the World Wide Web.  Some propose to remedy this with signal-beaming satellites, or even drones, but now, a new and ecologically-interesting idea has manifested: using sensors placed on animals to spread connectivity.  Can we turn a herd into a hotspot?

It's about time we replaced the old dial-up style of sheep.

According to The Atlantic, some scientists are seriously into the idea.  Placing wi-fi sensors on animals like sheep or even reindeer could allow them to traverse rural areas (for reindeer, to venture further beyond where many humans are comfortable living) and spread the signal.  In addition to helping the information superhighway get a few more on-ramps, it could allow farmers to monitor things like pollution, flooding, or even keep tabs on the flock themselves (e-shepherding!)  This type of technological exploration could expand not only our knowledge of the natural world, but also expand all knowledge for the far-flung residents therein.

Thanks to the vastness but also relative modernity of Australia, experiments with such sensors are now being carried out there with sheep.  The small sensors, which are embedded in ear tags and are light enough not to perturb the animal, can operate independently but can also help form mesh networks.  This kind of rudimentary internet also serves to spread information (as the sensors "talk" to each other to recognize their presence and location) and can operate as a whole even if singular elements fail (because wild dogs often do some non-technological sensing of their own for a sheep-snack.)

This could be one big fuzzy mesh network.

Greg Cronin, an Australian professor of animal welfare, explained that sensors could ease the hardships of shepherding when sheep come under such attacks, theorizing, “If you could pick the right sensor that identified behaviors that changed when sheep were under attack, it could trigger an alarm for the farmer.” While the technology is still undergoing trials, Cronin was enthusiastic about its eventual results. “We know we can do it but we still have to do the hard work to prove it,” he said.  According to the BBC, the idea has gained traction in rural Wales as well, including sensors that would be placed on inanimate set locations (such as rivers) to improve knowledge of overall farm conditions.

So, maybe your toaster isn't able to Tweet yet, and perhaps your pet piranha isn't getting far enough away to require a tracking device.  But for this early inception of the Internet Of Things (well, Internet Of Creatures, at least), man and beast might be able to share information in harmony.  Just don't give the sheep options to upload selfies every time they get a haircut.

"@BleatBox - Looking mad fly today.  Hit me up on Tinder."


Elon Musk's Martian Internet Might Help All Of Mankind

Elon Musk is rampaging into the future with yet another astronomically awesome plan.  The mastermind behind SpaceX, Tesla, and the Hyperloop doesn't just want folks to comfortably travel to space - he wants to make sure they're easily connected to the internet while they're up there.

It might sound crazy to think that the humans who will be among the first "space tourists" would spend their time googling cat videos and playing online poker, but Musk's plans are extra ambitious.  His intent is to establish a space internet so powerful that when colonizing Mars becomes a reality, the pioneers will be able to chat about it on Facebook.

Now THIS is an occupation that will achieve something!

According to Bloomberg Business Week, this new and improved World Wide Web would become the Galaxy Wide Web thanks to a fleet of low-flying satellites Musk intends to launch.  While it would not only aid future connectivity to space travelers, it would serve the immediate purpose of expanding internet speed and coverage all around our home planet.

“Our focus is on creating a global communications system that would be larger than anything that has been talked about to date,” Musk stated.

The first humans will be "checking in" on Mars sooner than we think.

The satellites would orbit some 750 miles above the earth, where the vacuum of space would facilitate faster flow of data - even more so than using fiber-optic cables on Earth.  With the speed of light operating a full 40% faster in the vacuum of space, bouncing data off of Musk's satellites and then back to earth would improve speeds considerably.

Great, to test!

Musk is aware that his competitors have the bandwidth territory, but he holds the ace of rocket technology.  He intends to open a satellite factory in Seattle that will draw engineering talent of all sorts (SpaceX projects will also be in fabrication there), and has a long-term plan over the next five years to bring the initiative to fruition.  The exclusive opening of the Seattle SpaceX office took place on Friday, adding to an ever-increasing network of operational sites.  He is completely serious about looking even further than that, though.

“It will be important for Mars to have a global communications network as well,” he says. “I think this needs to be done, and I don’t see anyone else doing it...we see it as a long-term revenue source for SpaceX to be able to fund a city on Mars.”

In space, no one can hear you scream at Candy Crush.

Newsweek reported that Musk expounded on this statement, telling the assembled crowd at the launch of the Seattle SpaceX office that, “One day I will visit Mars.” He feels the goal of establishing humans on Mars could be feasible inside the next two decades. Most of all, it's for humanity's own good, or as Musk explains, “the thing that matters long term is to have a self sustaining city on Mars, to make life multi-planetary.”

So at least if you end up marooned on Mars, there'll be Netflix and Pandora there to entertain you.  And no one will fault you for not accepting their Facebook invites.

Which Instagram filter will look best for selfies on the Red Planet?


Hack Lab Intro: How to Set up a Home Hacking and Security Testing Lab


This series of articles comprises an introductory tutorial on how to set up a home lab to experiment with common hacking and information security testing tools. Our setup will allow us to explore the sorts of computer and network vulnerabilities that can be encountered on the internet, and to test the security of our own home computer network and networked devices, all from within an isolated and secure working environment. The series is geared toward individuals who have little or no prior experience with virtualization software or common hacking and security testing tools, but are interested in exploring network and computer security.

Over the course of the tutorial series, we will create two separate network configurations. The first will be a completely virtual environment populated by two virtual guest systems running inside a single host computer. This requires nothing more than an internet connection for the necessary downloads, and a computer with relatively modest RAM and disk resources.

The second configuration will be an everyday local area network of the sort that can be found in many homes, but which is isolated from the internet and where we can strictly control and monitor all network traffic. This setup is slightly more involved in terms of hardware than the first, requiring also a spare router.

Our monitoring and attack system in both configurations will be an instance of a Kali Linux virtual machine running inside an installation of the VirtualBox software package on our primary computer. Kali is a Linux operating system distribution intended for security testing and digital forensics.

In the first completely virtual network environment, our victim will be an instance of Metasploitable2, a virtual machine that exhibits vulnerabilities that can be found on everyday computer systems and software configurations. As noted at Offensive Security, "Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques."

In the second network configuration, we will use the Kali Linux virtual machine to compromise an everyday local area network router of the sort that can be found on many home networks, in order to demonstrate just how easy it can be to steal login credentials passed from another computer on the network.

The tutorial is broken down into four parts:
  • Part 1 covers the installation of VirtualBox and provides a walk through of a full installation of a Kali virtual machine on your primary lab computer. Along the way, we'll take a short detour on how to quickly run live Kali sessions without a full installation of the machine.
  • Part 4 provides details on setting up our second network configuration, which models an everyday home local area network. With the attack machine, we'll conduct a simple man-in-the-middle attack against the network's router, and demonstrate a serious security vulnerability by stealing login credentials sent to it from the victim machine, in this case, the host computer. 

Hack Lab Part 4: Compromising a Home Router on a Local Area Network

This is part four in our tutorial series on how to set up a home hacking and security testing lab. In part three, we set up a completely virtual network inside VirtualBox in order to use Kali to test the (in)security of the Metasploitable2 virtual machine. In the present article, we'll set up a local area network similar to one you might find in any home, and then walk through a man-in-the-middle attack against an everyday router.

Here's our hypothetical scenario: there is a malicious individual on a local area network listening in on the network traffic (sniffing it, as they say) using ARP poisoning in an attempt to steal login credentials from the router's administrator so as to hijack the device, and by extension, the network. In this scenario, Kali will once again function as the attacker but the host computer will be the victim.

This configuration will require a router specifically for the purpose of hosting our home lab's local area network. This could also be accomplished virtually, but having the external network will allow us to test the security of other external networked devices moving forward.

Configuring the Local Area Network
For the present test, which was successful, I picked up one of those ubiquitous Netgear WNR 2000 series home routers at a local flea market for ten dollars. You might even have an old router just lying around collecting dust. Plug the router in, turn it on, and configure it as desired. An online manual for this router stated that once you have connected your computer to it, you can navigate to the URL or the device's IP address in a web browser to log in for administrative purposes. They further provided the factory default login credentials: 'admin' for the login name, and 'password' for the password. The first thing I did upon logging in was to change the password using the router's so-called "Smart Wizard".

I prefer to hook up devices to the lab router through ethernet, and turn off wireless networking in the router when I'm feeling paranoid. Log into the router, and adjust settings as necessary. It should have DHCP, to provide IP addresses to hosts on the network. Keep it completely isolated from your actual home LAN that is connected to the internet, at the very least because connecting a second DHCP server to your main home network would cause a fair amount of chaos. We'll soon see whether this sort of interaction with the router is secure in any way. (Spoiler alert: in the case of the WNR 2000, it is not.)

Once your router is set up, open the Network settings in your Kali machine and change the attachment from the internal network to bridged mode, and attach it to the appropriate interface. (People who are more comfortable with managing multiple interfaces on Linux could just add a second adapter and switch between the two inside Kali.)  Under the Advanced section of Kali's Network settings, notice the drop down menu for Promiscuous Mode. This setting is important for our test. There are three options here: Deny, Allow VMs, and Allow All. Set it to Deny. This means that Kali will not be privy to any traffic directly to or from its host machine or other VMs that may be on the network.

Why have we set Promiscuous Mode to Deny?

Abstinence-Only Networking and the IP Stack
When Kali is running in bridged networking mode, it is a completely independent host as far as the rest of the hosts on the network are concerned. But it is not independent: it is a virtual machine that shares its network interface with its host computer, and by extension with any other VMs that might also access that interface.

If we set promiscuous mode to Allow All, the Kali machine will pick up all traffic going over the network interface, to which it has access because it is itself bridged over this interface. That obviously includes the given network's traffic sent to and from the host computer on which the virtual machine is running, as well as any other virtual machines it might be running on that interface. If the host computer pings the router, Kali will pick up the traffic.

When promiscuous mode is set to Deny, on the other hand, Kali networks with the host computer (and any other virtual machines that might be on the network) as if they were all on completely separate physical devices. If the host computer pings the router, Kali will not pick up the traffic.

If there is a secondary computer on the network, even if Kali is in promiscuous mode, it will not be able to capture a ping from that computer to the router, or any other such traffic between them, for that matter, such as an http session.  

When we run the man-in-the-middle attack against the router and the host machine, however, we'll see that we can pick up traffic between them. One might wonder whether this is a true man-in-the-middle attack, because as we already know, the Kali guest and the host computer share an interface. Kali already has access to the host machine's traffic. Setting up the sniffer is basically just enabling promiscuous mode on the adapter setting.

However, we are not conducting a physical layer attack. ARP poisoning is conducted between the link layer and the network layer of the IP stack. This could be demonstrated with a secondary host on the network. An ARP attack by Kali against the secondary computer will still work even though Kali does not share a physical network interface with the victim, and could not detect such traffic even in promiscuous mode.
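Seen from the defender's side, ARP poisoning is visible on the wire: one hardware address starts answering for IP addresses that belong to other hosts. The following Python code is an added example, not part of the original tutorial; it flags that pattern in ARP replies written in tcpdump's text format. The IP and MAC addresses, the sample capture and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the "Reply <ip> is-at <mac>" portion of tcpdump's ARP output.
ARP_REPLY = re.compile(
    r"Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

# Constructed sample capture (not from the page): router .1, victim host .2,
# a third machine .3 that later answers for both of the others.
SAMPLE_CAPTURE = [
    "12:00:00.500000 ARP, Request who-has 192.168.1.1 tell 192.168.1.2, length 28",
    "12:00:00.501000 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:01, length 28",
    "12:00:01.000000 ARP, Reply 192.168.1.2 is-at 02:00:00:00:00:02, length 28",
    "12:00:02.000000 ARP, Reply 192.168.1.3 is-at 02:00:00:00:00:03, length 28",
    "12:05:00.000000 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:03, length 28",
    "12:05:00.010000 ARP, Reply 192.168.1.2 is-at 02:00:00:00:00:03, length 28",
    "12:05:10.000000 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:03, length 28",
]


def parse_arp_replies(lines):
    """Yield (ip, mac) for every ARP reply in the capture text; other lines are skipped."""
    for line in lines:
        match = ARP_REPLY.search(line)
        if match:
            yield match.group(1), match.group(2).lower()


def detect_arp_spoofing(lines, pinned=None):
    """Return alerts for suspicious ARP replies.

    pinned maps an IP to the MAC it is known to have (for example the router,
    read off its label). Pinned bindings are never overwritten by traffic.
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    bindings = dict(pinned)       # IP -> MAC currently believed correct
    claims = defaultdict(set)     # MAC -> every IP it has answered for
    alerts = []

    for ip, mac in parse_arp_replies(lines):
        claims[mac].add(ip)
        known = bindings.get(ip)
        if known is None:
            bindings[ip] = mac    # first sighting: learn the binding
            continue
        if known == mac:
            continue              # consistent with what we already know
        kind = "pinned-mismatch" if ip in pinned else "binding-changed"
        alert = {"kind": kind, "ip": ip, "expected": known, "seen": mac}
        if alert not in alerts:   # poisoning repeats; report each case once
            alerts.append(alert)
        if ip not in pinned:
            bindings[ip] = mac    # follow the change so a flip back is reported too

    # One MAC answering for several IPs is the signature of a machine placing
    # itself between two hosts. Hosts with IP aliases or proxy ARP also match,
    # so treat this as a lead to investigate rather than proof.
    for mac, ips in sorted(claims.items()):
        if len(ips) > 1:
            alerts.append({"kind": "mac-claims-multiple-ips",
                           "mac": mac, "ips": sorted(ips)})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_CAPTURE,
                                     pinned={"192.168.1.1": "02:00:00:00:00:01"}):
        print(alert)
```

Pinning the router's address plays the same role as a static ARP entry on a host: a conflicting reply is reported and the stored binding stays in place.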

Reconnaissance and Scanning the Network
There should now be three hosts on the lab LAN: 1) the router, 2) the host computer (our victim), and 3) the Kali virtual machine (our attacker). Let's begin by conducting some passive monitoring of the network traffic.

Open up Wireshark on your Kali instance and conduct a live capture, to see what kind of traffic you can pick up on this network. (See part two in the series for info on how to properly configure Wireshark to conduct a live capture, if you haven't already.) Let the scan run for about half an hour. My capture picked up:
  • SSDP broadcasts from the router, alerting hosts as to its existence
  • ARP broadcasts from the victim computer and the Kali host machine, seeking out the router's hardware address from its IP address.
  • DNS requests to external websites for services running on Kali and the host machine; these are obviously unresolvable, since the network is not connected to the internet. (I would also like to shut down these services later if they are not system critical, as I don't like the idea of my machines contacting random services on the internet without my say so.)
Nothing really seems out of the ordinary here, so let's run a scan of the network. Here's the topology graphic produced by Zenmap from a default nmap scan of my lab network:

The router is at, the primary host computer is at and the Kali machine is at As you can see, Zenmap's color coding indicates that there may be some vulnerabilities in the router.

This scan discovered three open ports on the router, and found no open ports on any of the other hosts. Ports 23 (telnet) and 80 (HTTP) were found open by default on the router. We would expect port 80 to be open since you can log into the router with a web browser for administrative purposes. It seems a bit odd that the telnet port is open as well, as it is unlikely anyone today would be telnetting into the router on their home network. This is a security vulnerability, but, fortunately, this router does not actually allow simple telnet access to its administrative interface. Any basic attempts to connect to it via telnet are rejected, which makes one wonder why it is open to begin with.

Now let's attempt to systematically determine what traffic on the network the Kali instance is able to capture. All packets sent from or to the Kali VM will be captured in Wireshark, since the capture is running on that system: e.g., ping requests to the router from Kali, ping requests to Kali from the host computer, HTTP traffic if you use a Kali web browser to navigate to the router's admin page, and so on.

As noted above, if your Kali virtual machine's network settings were in promiscuous mode, Wireshark would also capture any packets directly sent to or from the host computer. But this is not the case here as we have set promiscuous mode to Deny.

With promiscuous mode set to Deny, if you ping Kali from the host computer, the Wireshark capture will pick up all of these packets, since they are being sent directly to and from the Kali machine. However, if you ping the router from the host computer, none of the request or reply packets will be picked up by your Wireshark capture in Kali, nor will any other such traffic. For example, if you use a web browser on the host computer to navigate to the router's login interface, the capture will not detect any of this traffic.

With this observation, we have acquired our target. What we would like to do is two-fold: 1) pick up any direct traffic at all between the host computer and the router, 2) pick up any sensitive traffic (and any correspondingly sensitive information) sent between these devices.

Running a Man-in-the-Middle Attack with Ettercap
To compromise the traffic between the host computer and the router, we are going to use a program called Ettercap. As noted in its manual page, Ettercap is a "multi-purpose sniffer/content filter for man in the middle attacks." Ettercap can be run from the command line or through its graphical interface. To launch the graphical interface, type the following command into a terminal:
sudo ettercap -G
The Ettercap graphical interface:

However, we're going to run Ettercap from the command line, as this conserves more resources on the host machine since it does not require excess RAM. Our plan is to use ARP poisoning to capture traffic between the victim and the router. Reading through the Ettercap manual pages allows us to determine that we can use the following command to conduct our attack:
sudo ettercap -i eth0 -T -M arp / /
Before we run the command, let's take a closer look at what's going on here: 
  1. sudo runs the command as a privileged user. This is necessary for Ettercap to conduct the packet capture.
  2. ettercap tells the shell to run the Ettercap program.
  3. -i eth0 tells Ettercap to run the capture on the eth0 interface inside Kali. This may be different for you depending on how you have your network adapters set up. If you try to run arp poisoning on an interface that is not enabled, Ettercap will likely complain that "No such device exists". If you run it on an interface that is enabled, but not connected to a network, Ettercap will complain that "ARP poisoning needs a non empty hosts list".
  4. -T tells Ettercap to run in text mode, meaning it will print out any text characters found in its capture.
  5. -M tells Ettercap to run a man-in-the-middle attack.
  6. arp specifies that Ettercap should run an ARP poisoning man-in-the-middle attack.
  7. / and / specify the two hosts we want to target.
Let's see if we can capture any traffic between the victim and the router. Start a Wireshark live capture on Kali. Now ping the router from your host computer, and just let it ride (ex. ping If you are running in non-promiscuous mode, Kali will not pick up any of the ping requests and replies between the victim and the router.

Now run the Ettercap command above (with any necessary substitutions for your own network configuration) from a terminal in Kali. If successful, the Wireshark capture should now begin picking up the echo requests and replies between the victim and the router (as well as any other packets passing between them), and Ettercap will print to the terminal any text picked up in those packets. You can now stop the live capture, quit Ettercap and stop the ping from the host machine to analyze the results. 

The next question is whether we can pick up any sensitive information, such as login credentials, passing between the victim and the router. For this, we'll slightly modify our Ettercap command:
sudo ettercap -i eth0 -Tq -M arp / /
As you can see, everything is the same here, except I've added a q to the -T option. This tells Ettercap to run in quiet mode, which means that it will not print any and all text it picks up in captured packets, but rather only text of potential significance, such as login credentials. For our test, we want to see if we can capture the victim's credentials when logging into the router.

Start a new Wireshark live capture in Kali. Run the Ettercap quiet mode command in a terminal. Now, on the host computer, use a web browser to navigate to the router and log in to the administrative interface. Here's the result in Ettercap when I ran this attack against the WNR 2000 router:

As you can see, Ettercap picked up the victim's user name (here: 'admin') as well as the password (here: 'supersecretstring'). Moreover, the router passed the login credentials over the network in plaintext six times when the victim logged in to the device! Obviously, 'supersecretstring' is not a very good password, but in the present case it doesn't really  matter how secure the password is, since the router passes it over the network in plaintext.  
The login credentials can also be found in the Wireshark packet capture run alongside the Ettercap ARP poisoning attack. My Wireshark capture picked up a lot of packets, so let's do a search for 'credentials':

Inspecting the first packet returned from this search reveals the following under the HTTP section of the packet view:

And there they are, the user name and password, conveniently located under the authorization heading: 'admin:supersecretstring'.   In fact, it turns out the login credentials are sent in plaintext every time the victim loads another page in the router web interface!
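Why password strength is irrelevant here, as an added example that is not part of the original tutorial: assuming the router uses HTTP Basic authentication (consistent with the user:password pair appearing under the Authorization header on every request), the header value is only base64-encoded, so anyone who can read the request can reverse it. The request text, path, host address and function names below are constructed for illustration.

```python
import base64
import binascii


def decode_basic(header_value):
    """Return (username, password) from an Authorization header value,
    or None if it is not a well-formed Basic credential."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None  # not valid base64: nothing to recover
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = raw.decode("latin-1")
    # Only the first ':' separates the fields; the password may contain ':'.
    user, sep, password = text.partition(":")
    return (user, password) if sep else None


def audit_request(raw_request, encrypted_transport=False):
    """List the Authorization headers in one HTTP request and say whether
    each one exposes the password to anyone able to read the traffic."""
    findings = []
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "authorization":
            continue
        creds = decode_basic(value)
        if creds is None:
            # Digest, Bearer, or malformed Basic: not reversible by this check.
            scheme = value.strip().split(" ", 1)[0] or "unknown"
            findings.append({"scheme": scheme, "password_exposed": False})
            continue
        user, password = creds
        findings.append({
            "scheme": "Basic",
            "username": user,
            "password_length": len(password),
            # Base64 is an encoding, not encryption: without TLS the
            # password is readable no matter how long or random it is.
            "password_exposed": not encrypted_transport,
        })
    return findings


def build_sample_request(user, password, host="192.0.2.1"):
    """Constructed sample: a request as a browser would send it."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return (f"GET /index.htm HTTP/1.1\r\nHost: {host}\r\n"
            f"Authorization: Basic {token}\r\n\r\n")


# Constructed sample using the credentials shown in the article.
SAMPLE_REQUEST = build_sample_request("admin", "supersecretstring")

if __name__ == "__main__":
    for finding in audit_request(SAMPLE_REQUEST):
        print(finding)
```

The same request sent over HTTPS would still carry the header, but it would be inside the encrypted channel and not visible to a host relaying the packets.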

The victim's router admin account has now been compromised. After the victim logs out of the router, the attacker can immediately log in with admin privileges, change the password and lock out the victim, or make changes to the system's settings, turning it off, etc. The "Smart Wizard" on the WNR 2000 router isn't so smart or wizardly after all!

Now the question is: does this attack work against the router on your home lab? Let us know in the comments.

Reflecting on this attack, one would probably ask: Can't we detect this attack as it was going on? Does it not create a whole load of excess traffic on the network? Wouldn't it be clear from a packet capture on the victim machine that the intrusion took place? Wouldn't it even identify the ip and hardware addresses of the attacker? The answer to all those questions is in the affirmative, but you'd need to have been monitoring the network traffic over the whole course of the login session to know that. A simpler solution for the potential victim is to check the system's ARP cache before logging in to the router. This will identify whether there are two hosts on the network with the same hardware address. Since hardware addresses are supposed to be universally unique, this is a tell-tale sign that ARP spoofing is in progress.
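One way to run the ARP-cache check described above, as an added example that is not part of the original tutorial: it parses the text printed by ip neigh or arp -a and reports unicast hardware addresses claimed by more than one IP address. The function names and the sample tables (documentation-range IP addresses, made-up MACs) are constructed for illustration.

```python
import ipaddress
import re
import sys
from collections import defaultdict

IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
MAC_RE = re.compile(r"\b[0-9a-f]{1,2}(?:[:-][0-9a-f]{1,2}){5}\b", re.IGNORECASE)

# Constructed sample: Linux `ip neigh` output while the gateway entry is poisoned.
SAMPLE_IP_NEIGH = """\
192.0.2.1 dev eth0 lladdr 02:00:00:aa:bb:66 REACHABLE
192.0.2.66 dev eth0 lladdr 02:00:00:aa:bb:66 STALE
192.0.2.20 dev eth0 lladdr 02:00:00:aa:bb:20 REACHABLE
192.0.2.30 dev eth0  FAILED
fe80::1 dev eth0 lladdr 02:00:00:aa:bb:01 router STALE
"""

# Constructed sample: Windows `arp -a` output with a clean cache.
SAMPLE_WINDOWS_ARP = """\
Interface: 192.0.2.10 --- 0xb
  Internet Address      Physical Address      Type
  192.0.2.1             02-00-00-aa-bb-01     dynamic
  192.0.2.20            02-00-00-aa-bb-20     dynamic
  192.0.2.255           ff-ff-ff-ff-ff-ff     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""


def normalize_mac(mac):
    """Convert '2-0-0-AA-BB-1' or '2:0:0:aa:bb:1' to '02:00:00:aa:bb:01'."""
    return ":".join(part.zfill(2) for part in re.split(r"[:-]", mac.lower()))


def parse_arp_table(text):
    """Map IPv4 address -> MAC from `ip neigh` or `arp -a` output."""
    table = {}
    for line in text.splitlines():
        ip_match, mac_match = IPV4_RE.search(line), MAC_RE.search(line)
        if not ip_match or not mac_match:
            continue  # headers, IPv6 neighbours, FAILED/<incomplete> entries
        try:
            ipaddress.ip_address(ip_match.group())
        except ValueError:
            continue  # looked like an address but is out of range
        mac = normalize_mac(mac_match.group())
        if int(mac[:2], 16) & 1:
            continue  # broadcast/multicast MACs are legitimately shared
        table[ip_match.group()] = mac
    return table


def find_shared_macs(table):
    """Return {mac: [ips]} for every unicast MAC mapped to several IPs.

    A shared MAC is a strong hint, not proof: a host with several
    addresses on one interface produces the same pattern.
    """
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips, key=ipaddress.ip_address)
            for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_conflicts(table, gateway_ip):
    """Return the other IPs that currently resolve to the gateway's MAC."""
    gateway_mac = table.get(gateway_ip)
    if gateway_mac is None:
        return []
    others = [ip for ip, mac in table.items()
              if mac == gateway_mac and ip != gateway_ip]
    return sorted(others, key=ipaddress.ip_address)


if __name__ == "__main__":
    # Usage: ip neigh | python3 arp_check.py <gateway-ip>
    text = SAMPLE_IP_NEIGH if sys.stdin.isatty() else sys.stdin.read()
    gateway = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    cache = parse_arp_table(text)
    for mac, ips in find_shared_macs(cache).items():
        print(f"{mac} is claimed by {', '.join(ips)}")
    conflicts = gateway_conflicts(cache, gateway)
    if conflicts:
        print(f"Gateway {gateway} shares its MAC with {', '.join(conflicts)}")
```

Run it before logging in to the router; if the gateway's address shares a MAC with another host, clear the entry and investigate before sending credentials.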

Moving Forward
Now that you have your lab's local area network set up, what can you do with it moving forward? Well, that's up to you! At the very least, you can use it to test the security of any given networked device you like, whether it's your main computer, a secondary computer, a cell phone, a tablet, a network drive or fileserver, a television or gaming console, and so on. Do you know what precise information your cell phone or laptop broadcasts to the entire local area network when you connect to any wireless device?

That concludes part four of our tutorial series on setting up a home hacking and security testing lab. If you've followed along from the beginning, you now have a virtual network you can use to explore the vulnerabilities in Metasploitable, an isolated local area network to test the security of any device you wish, and some familiarity with a handful of the many tools that are bundled with Kali.

As always, questions, comments, suggestions and criticism are welcome in the comments. Happy hacking!

Hack Lab Part 3: Installing the Victim Machine on a Virtual Network and Basic Exploits

This post is part three in our tutorial series on how to set up a home hacking and security testing lab. If you followed along in parts one and two, you have installed a Kali virtual machine in VirtualBox on your primary computer, and have begun exploring your home computer network with nmap and Wireshark, both of which come bundled in Kali.

In the present article, we will walk through the creation and installation of our victim machine, a virtual instance of Metasploitable2, and then configure our first lab network: a completely virtual internal network inside VirtualBox. We'll place the Metasploitable2 victim machine and the Kali attack machine on the virtual network, and conclude by showing one way to begin exploring and exploiting Metasploitable's various vulnerabilities with Kali, and then provide some resources for further study.

On that note, it must be stated at the outset that Metasploitable is an intentionally insecure machine, with a ridiculous number of vulnerabilities. It should never be exposed to the internet, or to an untrusted network. This is why we will connect it to a completely virtual network, one that cannot even be accessed by the host machine that is running VirtualBox.

Installing Metasploitable2 in VirtualBox
There are a number of subtle differences between creating a Metasploitable virtual machine and creating a virtual instance of an everyday operating system such as Kali in VirtualBox, as we shall see. Metasploitable2 is a prepackaged system intended for security testing and practicing common exploit techniques. Once the machine is set up, it does not require any updates or further configuration as was the case with Kali.

The first step, of course, is to download a copy of Metasploitable2. Metasploitable2 was developed by Rapid7, the IT security group that created the Metasploit Framework, "a tool for developing and executing exploit code against a remote target machine," as noted at Wikipedia. The Metasploit Framework, as you may know, is also bundled in Kali, and the intentionally vulnerable Metasploitable2 system was created to provide a way to test the sorts of exploits that can be launched from Metasploit, among other tools.

You can download Metasploitable2 from Rapid7, but it is also available from other sources such as SourceForge. Once you've downloaded the file, unzip it, and place it wherever you prefer. I keep all my virtual machine .iso files and the like in a dedicated folder.

In the Metasploitable2 download, you'll notice a few differences from your Kali download. For Kali, we used the .iso disk image file to install the system on the machine. There is no .iso file for Metasploitable2. Instead, we are going to install the Metasploitable.vmdk file; the .vmdk extension stands for virtual machine disk format.

Start up VirtualBox and click "New" to begin setup of the victim system. Name the new virtual machine, select its type and version. I've just used the defaults here: Ubuntu, 32 bit. Click "Next".

Since we will not be using the Metasploitable system directly, but rather only interacting with it as a target, we can lower the amount of RAM we allocate for it.  I've chosen 384 MB as the initial setting. After you get it up and running, you might find that you can reduce it even further. In my experience, response times begin to noticeably lag around 256MB of RAM. Click "Next".

We do not need to create a virtual hard drive for Metasploitable. Instead the .vmdk file will act as a virtual hard drive itself. Select "Use an existing virtual hard drive file", then click the file-browser icon, navigate to your Metasploitable download files, and select the .vmdk file. Click "Create".

The newly created instance should now appear in your VirtualBox interface. Notice I have grouped my kali1 instance and my Metasploitable2 instances inside a folder labeled 'lab'. Grouping becomes very helpful once you have more than a couple virtual machines set up.

Now we need to tweak a couple settings for our Metasploitable virtual machine. Open the Settings window. I uncheck 'Floppy' in the boot order under the System menu, though this is not very important. In the Network settings, you'll notice that the default is the same as it was for Kali: there is a single network adapter enabled with NAT, network address translation.

We're going to change NAT to an internal VirtualBox network. In the "Attached to" drop down menu, change adapter one by attaching it to "Internal Network". You can also name your new virtual network. The default name is 'intnet'. I'm going to call mine 'labnet'. Click OK.

We're not quite ready to fire up our victim system just yet. Or at least, I'm not, because I've chosen a new name for my internal network. My experience with internal networks in VirtualBox has been a bit inconsistent. I clearly recall that the first time I used an internal network, it just worked and no further config was necessary. On another computer, I later found that the default internal network 'intnet' had to be configured as you would any custom internal network. If you fire up your Metasploitable virtual machine, log in and find that you have a functioning ip address, you're all set and can skip the following section. Otherwise, read on.

Configuring the VirtualBox Internal Network
I have to now enable the VirtualBox internal network 'labnet' to which I've just attached my Metasploitable virtual machine. If we take a look at the VirtualBox user manual section on Internal Networking, we read:
Unless you configure the (virtual) network cards in the guest operating systems that are participating in the internal network to use static IP addresses, you may want to use the DHCP server that is built into VirtualBox to manage IP addresses for the internal network. Please see Section 8.35, “VBoxManage dhcpserver” for details.
Rather than set up static ip addresses for our virtual machines on the virtual internal network, let's set up the virtual dhcp server. Reading through the VirtualBox user manual section on managing the dhcp server, we can conclude that running the following command in a terminal on the host computer will appropriately configure the internal labnet network.
VBoxManage dhcpserver add --netname labnet --ip --netmask --lowerip --upperip --enable
What's going on here? Let's parse this command.
  • There is the command for the VirtualBox dhcp server: VBoxManage dhcpserver
  • We want to create a new network, therefore: add
  • We indicate the name of the new network: --netname labnet
  • We specify the ip address of the dhcp server itself: --ip
  • We specify the subnet or netmask: --netmask
  • We specify the lower ip address for the server: --lowerip
  • We specify the upper ip address for the server: --upperip
  • Finally, we enable the network so it starts any time a machine on the network is started: --enable
If successful, you can now fire up your new victim system and it will automatically be connected to the newly-configured internal virtual network. Go to the VirtualBox interface, select the system and click Start. This is the Metasploitable login screen:

Run ip addr or ifconfig to confirm that the system has been given an ip address and make a note of it. The victim is prepped. Did I mention? Metasploitable is an intentionally insecure machine, with a ridiculous number of vulnerabilities. It should never be exposed to the internet, or to an insecure network!

Now let's put our attack machine on the internal network. Network adapters can be changed in this manner even if the machine is running, though in my experience, this can also lead to minor glitches in the functioning of the VM, so I usually shut down if I'm going to change network settings for a VM.

Select your Kali instance in the VirtualBox application interface, click Settings, go to the Network settings. Change the adapter from Bridged to Internal Network, and select the name of your newly created internal network. I also "Allow All" in promiscuous mode under the advanced settings, as this allows the Kali network interface to detect any and all packets to and from the other virtual machine (as well as the host computer, if it were able to connect to the same network). Click OK.

Start up Kali and log in if the machine is not running. Check ip addr or ifconfig to make sure you have gotten an ip address from the virtual dhcp server. If so, you're all good! Open up the Iceweasel browser that comes bundled with Kali. In the address bar, enter the ip address of your Metasploitable instance. When the page loads, you should see the web interface that is pre-configured on the Metasploitable virtual machine. It comes packaged with 5 different websites/webapps that are intentionally insecure: TWiki, phpMyAdmin, Mutillidae, DVWA, WebDAV:

At this point, you now have a virtual internal lab network running on your host computer, and two virtual machines running on that network: your Kali attack machine and your Metasploitable victim machine. Remember, this network is completely internal to VirtualBox. Your virtual machines cannot communicate with the host computer over this network and the host computer cannot communicate with the virtual machines over this network. They are isolated.

Exploring Metasploitable's Vulnerabilities
Now the real fun begins! The first thing you might do here is passive network monitoring to see what kind of packets, if any, the victim machine is sending out over the network. Fire up Wireshark inside Kali, and start a capture on the appropriate interface for the lab network. (See part two of this series on how to configure Wireshark for live capture.)

From the packet capture, you'll soon notice that Metasploitable sends out workstation and workgroup announcements every couple of minutes for services that are running on it. If you inspect those packets more closely, you'll find that those packets contain a good deal of information about the host machine sending them, as well as about the services running on it.

As an exercise, confirm by inspecting the packets you've captured that Metasploitable is: 1) a workstation, 2) a server, 3) a print queue server, 4) a Xenix server, 5) an NT Workstation, 6) an NT Server, and 7) a Master Browser. You can doubly confirm that the machine is running such services by browsing its shares over the network in the file manager. But where can we find the network login credentials to view the shares?

Now that we have some idea of what we're dealing with, let's conduct a few port scans of the victim system to see what vulnerabilities that might expose. Let's just go through some of the various default scan types built in to Zenmap to see what they bring to light.

A ping scan reveals that the host is up. A quick scan identifies 18 open ports, among them the reserved ports for ftp, ssh, telnet, smtp, http, mysql and so on. A regular scan identifies 23 open ports. An intense scan also reveals 23 open ports, but it also provides operating system and version information, along with more detailed information about the services running on the various ports. For example, it notes that anonymous ftp login is allowed on port 21, identifies the SSH server's hostkey fingerprint, and so on. Run the more intensive scans to see what else you can find.

As an exercise, analyze the command options used in the various Zenmap scans to determine why those particular scans revealed that particular information.  

It is worth noting here that a couple leads for tracking down Metasploitable's network login credentials are provided already in the simple quick scan. However, it is indicative of the system's complete insecurity that these leads make the question of determining the network login credentials moot. Can you identify any such lead and why it moots our earlier question?

If you've followed along this far, you're probably asking yourself: what's next?  (That is, if you haven't jumped ahead already.) Well, you now have a fully functioning virtual hacking lab outfitted with one of the most powerful attack systems and one of the most vulnerable victim systems around. It's time to start exploring some of the more involved tools bundled in Kali and see what other kinds of weaknesses you can identify and exploit in the various services running on the victim machine, including in the five websites and applications running on the system.  That, however, is beyond the scope of the present article, but here are some resources to help get started:
Like nmap and Wireshark, all three of these tools are listed in Kali's "Top Ten Security Tools" menu.

That concludes the present article. In part four of the series, we'll set up an external local area network and demonstrate how it is possible to steal login credentials from a victim machine logging in to a compromised router. As always, questions, comments, suggestions and criticism are welcome below.

Hack Lab Part 2: Exploring Your Home Computer Network with Kali Linux

This article is part two in our tutorial series on how to set up a home hacking and security testing lab. If you followed along in part one, installing a Kali Linux virtual machine in VirtualBox, you have installed VirtualBox on the primary computer for your home lab and created a Kali Linux virtual guest on this host machine. The Kali system has been fully updated and VirtualBox Guest Additions have been installed on it. Finally, your Kali VM has a single network adapter running in bridged mode and you have set up an administrator account on the Kali instance. 

Creating and configuring the virtual network setup outlined in the introduction, which we will do in part three of this series, requires a few more steps: we still have to download and install Metasploitable, set up the virtual network, etc. But if you're like me, you're probably already itching to start playing with all the toys Kali has to offer, if you haven't already!

Home Network Analysis 101
This article will show how some of the tools that come bundled in Kali can be used to explore your existing home computer network, and test whether you can successfully identify all the devices that are connected to it. In particular, we'll take a look at a set of tools that come bundled in Kali that can be used for network analysis: nmap/Zenmap and dumpcap/Wireshark.

These will come in handy in our eventual testing lab, but they can obviously also be used to explore your home local area network as well. Nmap is a command line network scanner, and Zenmap is a graphical interface to nmap. Dumpcap is a command line network traffic monitor, and Wireshark provides a powerful and versatile graphical interface to monitor network traffic and analyze network packet capture files.

Here's a simple experiment. Do you happen to know how many devices are currently connected to your home network? Can you identify all of them off the top of your head? Try to do so, and make a list of them. At the very least, we know there will be at least three: the Kali guest, the host machine you are running Kali on, and your router. There may also be more computers or cell phones connected to it, and maybe even your television, refrigerator or coffee maker!

We are first going to use nmap to see if we can identify any such devices on the network, and perhaps detect one or two that we did not think or know were connected to it. We'll then configure Wireshark and run a packet capture to get a sense for the normal traffic on the network, and then run another capture to analyze just how an nmap network scan works.

Determining Your IP Address
Before we can scan the network with nmap, we need to identify the ip address range we would like to examine. There are a number of different ways to determine your ip address on a Linux distribution such as Kali. You could use, for example, the ip or ifconfig commands in a terminal: ip addr, or sudo ifconfig.

(Note that if you are using an administrator account inside Kali, which is considered a best practice, when a non-root user enters a command such as ifconfig into a terminal, the shell will likely respond by complaining "command not found". In Kali, sensitive system commands like ifconfig have to be run as root. To access it from your administrator account, all you need to do is add "sudo" to the front of the command: sudo ifconfig.)

These commands will provide you with a wealth of information about your network interfaces. Identify the interface that is connected to the LAN (likely eth0), and make a note of the ip address indicated after "inet" for the ip addr command, or after "inet addr:" for the ifconfig command. That is your ip address on your local area network. Here are a couple ifconfig and ip addr outputs posted by the Ubuntu Journeyman:

As you can see here, the ip address for this machine is Yours is likely something similar to this: for example, or etc. Notice in the ip addr output above, the ip address is:  That means is the ip address of that specific machine, while the /24 at the end indicates the address space for the LAN's subnet, which in this case are all the addresses from to

If we were to scan this local area network with nmap, we would want to scope out all the addresses in the network's range, which means,,,, and so on, all the way to One shorthand way of notating this is: Another common shorthand is  Of course, if your address were, then the shorthand would be: or 

Host Discovery
Let's assume your Kali VM has the ip address on a subnet with possible host addresses from to Now that we know Kali's ip address and the address range we want to take a look at, open up a terminal and type: nmap. This will provide you with a long list of all the options available within the nmap program. Nmap is a powerful program and there are a lot of options! Perhaps the simplest possible network scan that can be conducted with nmap is a ping scan, for which we use the -sn option.

Now type nmap -sn into your terminal and hit enter. (Don't forget to substitute the address range for your network if it is different from this!) This scan will tell you how many hosts nmap discovered by sending a ping echo request to each of the addresses in the range x.x.x.1-255, and provide you with a list of the ip addresses of the hosts that returned a ping reply. This is host discovery 101. Here is the ping scan output from nmap on a simple local area network I set up for the purpose:

The ping scan found 5 hosts up with the addresses:, .2, .3, .5 and .6.  Note that in the wild, this method of discovery may not work, as it is becoming increasingly common for administrators to configure their systems so that they do not reply to simple ping echo requests, leaving a would-be ping scanner none-the-wiser about their existence.

Did your scan find the same number of hosts that you had presumed were on your network? Were there more or less?

We can use the default nmap scan to further investigate known hosts and any potential ghost hosts the ping scan may or may not have uncovered. For this, simply remove the -sn option from the command above: nmap 192.168.1-255. Here's the output of the default nmap scan on the same network as above:

Nmap has returned much more information. It found three open ports on the router at, as well as an open web server port on host  All scanned ports on the remaining hosts were closed.

You can also use nmap to further investigate known hosts. The -A option in nmap enables operating system detection and version detection. Pick out a couple of the hosts discovered by your nmap scans, for which you already know the operating system type and version. Now scan these hosts with nmap for OS and version detection by adding them to your host address target list, separated by commas.  For example, I would scan the router and web server discovered above for OS and version detection with the command: nmap -A,2. This will return more information, if any is determined, on those hosts.

You can obviously also run an OS and version detection scan over the whole network with the command: nmap -A Depending on the number of hosts on your network, this scan could take a couple minutes to complete. If you press <Enter> while the scan is running, it will give you an update on its progress.

If there are more than a handful of hosts on your network, the output can be hard to parse in the terminal. You could send the output to a file with:  nmap -A > fileName.txt. Or you could use one of nmap's own built-in file output options.

But this is also where Zenmap comes in quite handy. Open up Zenmap from Applications->Kali Linux->Information Gathering->Network Scanners. If you are running as an administrator and not root, as you should be, you will get a message stating that not all of nmap's functionality can be accessed without root privileges. Root is not necessary for basic scans. However, you can run Zenmap as root by opening a terminal and typing: sudo zenmap. The Zenmap interface:

The Zenmap interface is pretty straightforward. Enter the target ip address or address range into the target field. Changing the scan profile from the drop down menu changes the scan command. You can also manually enter or edit commands in the command field. After you run a scan, Zenmap also helpfully breaks down the results for you, providing host details, port lists, network topology graphics and more.

Play around with the various built-in scan types. Can you identify all the hosts on your home network with a ping scan? a regular scan? an intense scan? Can you identify all the open ports on those hosts? If you have a laptop or another device that you frequently use to connect to the internet over public wi-fi hotspots, you can also do intensive scans of those devices to determine if there are any open ports that would represent a potential security vulnerability. Identifying open ports is important for vulnerability assessment, because these represent potential reconnaissance or attack vectors.

Network Traffic Capture and Analysis with Wireshark
Nmap scans a network and probes hosts by sending out ip packets to, and inspecting the replies from, its target at a given address. With 255 addresses to scan along with 1000 ports on all discovered hosts in the default scan of the subnet above, that's a lot of network traffic! What does the packet traffic generated by a scan look like on the network?

To answer this question, we can use Wireshark and dumpcap. Dumpcap, as its name implies, is a command line tool that dumps captured network traffic. Wireshark provides a graphical user interface to analyze these sorts of dump files, which are collections of all the network traffic to which the given network interface was privy.

If run with the proper privileges, Wireshark can capture live network traffic as well. In Kali, you can find Wireshark under: Applications->Kali Linux->Top 10 Security Tools. Unless you have already configured Wireshark with the appropriate settings, when you open it for the first time you will be informed by the "Capture" panel that "No interface can be used for capturing in this system with the current configuration."

In its documentation, Wireshark recommends appropriate settings to enable capture privileges. It also suggests confirming that Wireshark can be run as root. To run Wireshark as root, you can log in as root, or run sudo wireshark in a terminal. When you run Wireshark as root, you will first be given a usage warning and provided with sources for how to set up proper privileges. This forum post on AskUbuntu boils the process down to three simple steps.

Now that you've enabled live captures in Wireshark, let's run one! Click "Interface List" in the Capture panel of the default view. Choose the interface that is connected to the network (it will indicate your ip address on that network), and click Start.

This will immediately begin a live capture of all the packets on the network to which the interface has access. At the very least, it will detect: 1) packets it sends out, 2) packets it receives directly, 3) packets it receives indirectly if they are broadcast to all the hosts on the network.

If you have never viewed a network packet capture before, you may be surprised what you can see, and what information is simply being broadcast over the network. You'll probably find messages from your router, you'll see internet traffic packets if you are viewing a webpage in a Kali browser, or on Kali's host computer (depending on whether or not Promiscuous Mode is enabled in the VirtualBox advanced network settings for your Kali machine). You might find that one device is especially chatty for no good reason. There might be devices pathetically sending out calls to other devices that have been removed from the network, such as a laptop searching for a printer that has been turned off, and so on.

The default Wireshark packet capture interface numbers each packet it captures, and then notes the time after the capture began that it received the packet, the ip address of the source of the packet, the ip address of the destination of the packet, the protocol, the packet's length and some info. You can double click an individual packet to inspect it more closely.

If you ping your router (which you should have been able to identify via nmap analysis) from Kali, you'll see all the requests and replies, obviously, since the Wireshark capture and the ping are running on the same machine. But the Kali guest shares its interface with the host machine. If you enable promiscuous mode in the advanced network settings inside VirtualBox for your Kali instance, when you ping your router from the host machine itself, the Wireshark capture will similarly allow you to see all requests and replies, since they're going over the same interface! If you disable Promiscuous Mode, on the other hand, this will not be the case. In this case, packets to and from the host computer will not be picked up, as if it were a completely separate physical machine. Similarly, if you ping your router from a different computer, you will not see the request/reply traffic at all, though perhaps you might pick up an ARP if the requester does not already know the (hardware) address of the request's intended recipient.

After getting a feel for what the base level network traffic looks like on your network, start a new capture, and then run a simple scan from nmap or Zenmap, and watch the result in Wireshark. When the scan is finished, stop the capture and save the file. Capturing the simple nmap ping scan from above on my network resulted in a file with over 800 packets! Now you can analyze the network traffic generated by the scan itself. You'll probably want to play around with Wireshark for a bit to get a sense of what it offers. There are tons of menus and options in Wireshark that can be tweaked and optimized for your own ends.

Well, that's it for this article. In part three of our hack lab tutorial series, we'll install our victim machine, an instance of Metasploitable2, in VirtualBox and set up a completely virtual lab network to explore some more tools that are bundled in Kali. As always, comments, questions, corrections and the like are welcome below.

Hack Lab Part 1: Installing a Kali Linux Virtual Machine in Virtualbox

In this article, which is the first part in our tutorial series on how to set up a home hacking and security testing lab, we will walk through the creation and installation of a Kali Linux virtual machine inside VirtualBox. This system will then function as our main monitor and attack machine in subsequent tutorials. After setting up the virtual system, we will:
  1. run a live Kali session
  2. do a full install
  3. update the system
  4. install the VirtualBox Guest Additions
  5. configure appropriate user accounts
  6. and finally switch over to a bridged network adapter in preparation for the next tutorial in the series
The whole process may take a few hours to complete, more or less, depending on the specifics of your own situation, e.g. your computer, internet connection speed, and so on. This session took me about three hours from beginning to end.

There are a number of different free virtualization packages available online. For this tutorial series, we've chosen to go with VirtualBox because it's open source, beginner friendly, and there is a lot of documentation and support information that can be found for it online, especially regarding the systems that we will be installing. For example, since Kali and Metasploitable are derived from the Debian Linux distribution, support information on other Debian-based operating systems such as Ubuntu or Crunchbang is often also applicable to Kali and Metasploitable, as we shall see in this and subsequent articles.

The first step is to download and install the VirtualBox software package onto the primary computer chosen for your lab setup. Make sure you download the right version for your operating system and hardware architecture (32 bit vs. 64 bit). Instructions for installation on various operating systems are readily available if you run into any snags. Also make sure to keep a handy copy of the VirtualBox user manual, which comes packaged with the software and can also be found online.

Once you install VirtualBox and run it for the first time, you'll be presented with the application's welcome prompt, which provides an orientation for the interface. Poke around in the menus to get a feel for the software.

Next, download a copy of the Kali Linux operating system .iso disc image. Again, make sure you download the proper ISO file for your computer's architecture. Depending on the speed of your internet connection, this may take some time, as both the 32 bit and 64 bit files are 3GB in size. Kali's documentation can be found here.

As Kali is a security sensitive system, once you have downloaded the file, it is recommended to check its SHA1SUM hash value against the one supplied on the download page to make sure the file has not been corrupted in transit. For more on how to check a file's hash value, follow the link to our previous article providing an overview of the process.
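One way to script the hash check described above, as an added example that is not part of the original tutorial. It assumes the published value is saved in a `sha1sum`-style list file; the file names and the stand-in "ISO" are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: check a downloaded image against a published SHA1SUMS-style list.
# In practice the list comes from the download page; here it is built for the demo.

# sha1_of FILE -> prints the lowercase hex SHA-1 of FILE
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | awk '{ print $1 }'
    else
        shasum -a 1 "$1" | awk '{ print $1 }'   # fallback where sha1sum is absent
    fi
}

# expected_sha1 NAME SUMS_FILE -> prints the hash listed for NAME, if any.
# List format is the one sha1sum writes: "<40 hex chars>  <name>"
# (a leading '*' on the name marks binary mode). Names with spaces are not handled.
expected_sha1() {
    awk -v n="$1" '{ f = $2; sub(/^\*/, "", f)
                     if (f == n) { print tolower($1); exit } }' "$2"
}

# verify_sha1 FILE SUMS_FILE
# exit 0 = hash matches, 1 = mismatch, 2 = cannot check (missing file or no entry)
verify_sha1() {
    local file="$1" sums="$2" expected actual
    [ -f "$file" ] && [ -f "$sums" ] || return 2
    expected=$(expected_sha1 "$(basename "$file")" "$sums")
    # Refuse to compare against anything that is not a 40-character hex digest.
    case "$expected" in ''|*[!0-9a-f]*) return 2 ;; esac
    [ "${#expected}" -eq 40 ] || return 2
    actual=$(sha1_of "$file")
    [ "$actual" = "$expected" ]
}

# Demo on a constructed file: an intact copy passes, an altered copy is rejected.
demo() {
    local dir
    dir=$(mktemp -d) || return 1
    printf 'constructed stand-in for the ISO\n' > "$dir/demo.iso"
    printf '%s  demo.iso\n' "$(sha1_of "$dir/demo.iso")" > "$dir/SHA1SUMS"
    verify_sha1 "$dir/demo.iso" "$dir/SHA1SUMS" && echo "intact copy: OK"
    printf 'X' >> "$dir/demo.iso"
    verify_sha1 "$dir/demo.iso" "$dir/SHA1SUMS" || echo "altered copy: rejected (exit $?)"
    rm -rf "$dir"
}
demo
```

A result of 2 means the check could not be made at all (wrong file name in the list, truncated list), which should be treated the same as a failure rather than skipped.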

If you plan on playing around with a number of different virtual guests on your computer, it is probably a good idea to create a permanent folder somewhere on your system where you will keep all the necessary operating system .iso files.

Creating a Virtual Machine
Now let's return to VirtualBox and set up the virtual machine on which we will install the Kali operating system. Open VirtualBox and click "New". Provide a name for your Kali virtual guest system. Choose Linux as the type and Debian as the version, since Kali is derived from Debian Wheezy. As you can see below, I'm using the 32 bit version. Click Next.

Choose the amount of memory you want to allocate to the virtual instance once it is up and running. In my experience, Kali can use a lot of RAM, and the computer I'm running it on has a fair amount to spare, but for now I'm going to leave it at the default of 512MB.  You can also adjust these settings later to optimize them for your own setup. In my experience, Kali runs pretty well in VirtualBox even on a laptop with only 4GB of RAM, though you may have to conserve by shutting down memory intensive applications running on the host computer. After you've set your memory size, click Next.

Choose whether you want to create a virtual hard drive for the virtual machine. We're going to need one for our home lab, so check "Create a virtual hard drive now", then click Create.

For the "Hard drive file type", check "VDI (VirtualBox Disk Image)", then click Next.

In the "Storage on physical hard drive" window, you'll probably want to choose "Dynamically allocated." This means that space will not be taken up on your physical hard drive until it is actually written to the virtual disk. If you choose "Fixed size" then the virtual disk drive will take up a set amount of space on your physical hard drive even if that space has not been written to by the virtual machine. Click Next.

In "File Location and Size," choose where you want the hard drive files for the virtual system to be stored by clicking on the folder icon. I just use the default folder. This is where VirtualBox will store all files related to your virtual machine. Also, on this screen you may increase or decrease the amount of hard drive space you want to be allocated for the virtual instance. 8 GB is the default. I'm going to push mine up to 10 GB. Click Create.

The new virtual system should now appear in your Virtualbox interface. As you can see I have three folders in my left sidebar, and have placed the kali1 instance I just created into a new "lab" group. In the main interface we can see the settings for the new systems, which are a mixture of defaults and configuration settings we determined ourselves in the creation phase. Before starting up the instance for the first time, I usually adjust a few settings first.

Click "Settings" for your new virtual machine. I'm going to add a description under the General menu, because I have other Kali instances on my computer.

In the System menu, under Motherboard, I uncheck "Floppy" in the boot order.

Also in the System menu, under the Processor sub-menu, we have to check "Enable PAE/NX" for Kali to operate properly.

Finally, under the Display menu, I add more Video Memory to the default 12MB, bumping it up here to 36 MB to start. Again, this can be adjusted later to optimize your particular setup.

That's it for now. Browse through the other menus. Notice in the Network setting we can add up to 4 different network adapters for our virtual machine. Later we will play around with the network setting, after we've fully installed the Kali operating system. For now, a single network adapter running on NAT (i.e. Network Address Translation) will suffice for our purposes.

Click "OK" to save your changes.

Fire up your new machine by double clicking it, or single clicking it and then clicking Start. You will be prompted to "Select start-up disk". We now have to choose the startup disk for our new virtual machine. This is the Kali .iso file we downloaded earlier. Click the folder icon and navigate to the folder where you've stored the Kali .iso file on your host computer. Select it, then click start.

Booting into a Kali Live Session
Kali should boot as if you were booting a real physical machine from a cd with the Kali operating system file on it. Notice that if you click inside the guest window, your mouse pointer will be "captured" by the guest. From then on, your keyboard and mouse activity will control the virtual machine. To switch back to using your host machine, you have to hit the host key, which by default is Right-Control on my computer. It may be different depending on your operating system. The Virtualbox interface will tell you what the "Host Key" is in the bottom right of the window.

From this menu, you can boot into a number of different types of live session, or you can do a full install of Kali on the virtual hard drive we previously created inside Virtualbox. As we shall see, there are numerous advantages to doing a full install of Kali for the purposes of our home hacking lab, but one of the advantages of a live session is that we can jump right in without any further configuration. Let's select the default Live session. Here is the Kali Desktop after booting into live session (note the time and day, yes, this is how I prefer to spend Saturday evening):

You will soon notice that there are certain limitations to the virtual machine's interface. For example, your mouse wheel will not work, you cannot enlarge the screen or go full screen, there is no tab completion in the terminal, and there are other interface issues as well. This is not a limitation of the live session, or Kali itself, but rather of the virtual machine we've created. However, all these issues can be addressed by installing the Virtualbox Guest Additions, but we'll save that for our future full install of the system.

Notice also that there are limitations to the default NAT networking interface. Under NAT (network address translation) the Kali guest is not treated as its own independent node on the wider local area network. It does not have an independent IP address on the local area network. Its virtual IP address is translated by the IP address of the host machine. This can be addressed by adding a second network adapter to the virtual system or changing the present one, as we shall see later on.

However, despite these limitations, you can already begin exploring the ridiculous number of tools that come bundled with Kali. Here are Kali's Top Ten Tools:

Since all appears to be working well, let's take a snapshot of the virtual machine. VirtualBox snapshots are a way to keep a log of your virtual machines in a given state. If you are experimenting with a new configuration, and everything suddenly goes to hell, you can always revert back to your previous snapshot like nothing happened. Go to the VirtualBox interface window, select your Kali guest, click "Snapshots" in the upper right. Take a snapshot by clicking on the camera icon. Name the snapshot, and give it a description. Now, if we seriously screw up something on the machine, we can always just revert to this prior state of the system.

Now let's reboot to do a full install. Click the root menu item in the top right of the Kali Desktop window. Then choose reboot or do a full shut down and boot from the VirtualBox interface. In the process, you will be prompted to remove the disk from the system. Of course, we are using a virtual disk image, so there is no physical disk that needs to be removed. Just click enter to continue. Now reboot . . .  OH NO!!!!! "FATAL ERROR: No bootable medium found! System failed."

If you've been following along thus far, you've likely just been delivered this disturbing warning by your virtual machine upon reboot. It's a good thing we took that snapshot! Actually, this was only to be expected. Remember when you had to remove the virtual disk from the machine upon shutdown or reboot? Well, we now have to re-insert the virtual disk so that we can reboot into Kali and move on to a full install of the operating system. To solve this "Fatal Error," with your virtual machine still running:
  1. Point your mouse toward the Oracle VM VirtualBox application menu on your host machine and find the Devices dropdown menu
  2. Select "CD/DVD devices"
  3. Select "Choose a Virtual CD/DVD disk file..."
  4. Select or navigate to your Kali .iso operating system file
  5. Close the virtual guest by exiting the window and powering off the machine 

After the machine closes down, restart it from inside VirtualBox. It should boot into Kali from the newly inserted virtual disk.

Full Installation of Kali in VirtualBox 

Now let's move on to our full installation of the Kali virtual instance. Once your system reboots into the main menu, choose the Install option and hit enter.

The installation process will begin straight away. Note that over the course of the installation, the various menus are not graphical interfaces. You cannot point and click, you have to enter info via the keyboard, and use the arrow keys to navigate. We're not going to do anything fancy here for the purposes of this simple home lab setup. In most cases the defaults will suffice. Simply follow the directions on each page. This process took about an hour on my computer. Here's the first screen:

  1. Choose your language.
  2. Select your location.
  3. Select your keymap.
  4. Enter the new host's name. It simplifies things to choose the same name you chose for your VM inside VirtualBox, but these need not be the same name. You can also always change both names later if you so wish.
  5. Enter a domain name. I'm going to leave it blank and hit enter.
  6. Enter a root password, then re-enter to confirm. These will be the credentials for the root super-user on the system. Be sure to make a note of the password you've chosen.
  7. Select your time zone.
  8. Partition Disks, select 'Guided - Use Entire Disk'. Not to worry, here 'Entire Disk' means the virtual hard drive we created upon initial setup of the VirtualBox machine. In my case, this will eventually claim up to 10GB on my harddrive, as this was the size I specified when I created the VM.
  9. Select disk. This is the virtual hard drive we configured earlier.
  10. Select partition scheme. Let's choose default, all files in one partition.
  11. Confirm selections, or go back if necessary.
  12. Select yes, to commit the changes by writing them to disk.
  13. Select network mirror if any. None is needed for this home lab setup.
  14. Select proxy if any. None is needed for this home lab setup.
  15. Install grub boot loader (default).
  16. Installation complete! Select continue.

Let the machine do its thing, and then reboot the system. Upon reboot, log into kali using 'root' as your username along with the password you chose for root during installation.

Congratulations, you now have a virtual instance of Kali Linux installed on your computer! But we're not done with our configuration of the new virtual machine just yet. We still have to update the software on the system, and then we're going to install the VirtualBox Guest Additions in order to enable full screen mode, tab completion in the terminal and so on. This process might take you another hour or so, depending on your internet connection.

Updating Kali and Prepping for Guest Additions
If your host computer is connected to the internet, you should have internet connectivity from inside your Kali VM over your NAT adapter. You can check this by opening up the bundled Ice Weasel browser and making sure you can get online. Ice Weasel can be opened by clicking the icon next to the Places drop down menu in Kali. You can also try pinging or some other website from inside a terminal. You can open a terminal by clicking the terminal icon next to the Ice Weasel icon. We are going to need a working internet connection to update the system.

Let's update the system. Open a terminal in Kali and enter the following command:
apt-get update
This will make sure Kali checks the most recent repository for any software updates. Once this process completes, enter:
apt-get dist-upgrade
This will update all software on the Kali system. Depending on your internet connection, this may take some time. The process lasted around 15 minutes for me this time around. Once that is complete, you now have a fully updated Kali virtual machine. But we are still lacking some basic functionality, so now we're going to install the VirtualBox Guest Additions.

Installing Guest Additions in VirtualBox can be tricky. To prepare the system to handle the Guest Additions, we have to run a couple more commands inside the terminal, so open up a new terminal shell and run the following series of commands, one after the other, after each completes:
apt-get clean
apt-get autoclean
apt-get update
apt-get install build-essential linux-headers-`uname -r` dkms
Notice that `uname -r` is inside backticks, not single quotes in the final command here. Yes, this matters. The backtick key should be located just above the tab key on your keyboard. This series of commands was suggested on this CrunchBang forum post, and it has yet to fail me in setting up Guest Additions for a Debian-based machine inside VirtualBox. Once this process has completed, we can now install the Guest Additions themselves.

Installing VirtualBox Guest Additions in Kali
While engaged in the Virtual system, in the Oracle VM application menu, go to the Devices dropdown menu again. Notice the "Insert Guest Additions CD" option. Select it. You will get a pop-up inside Kali asking you if you want to run the file. If it succeeds, great! If not, that's not a problem. In my experience, it has never worked off the bat, so I click cancel.

Selecting the "Insert Guest Additions CD" menu option has inserted a virtual disk into your virtual machine. The files on this disk can be found in the folder: /media/cdrom/. Confirm that they are there by navigating to this folder in the graphical file system manager or in a terminal.

To install the Guest Additions for Kali, we need to run the file on the Guest Additions cd. However, you cannot simply run the file from the /media/cdrom/ directory. First we need to copy it and change its permissions.

Copy the file to your Desktop from inside a terminal with the following command:
cp /media/cdrom/ /root/Desktop
You should see a copy of the file appear on the Desktop.  Change to the Desktop directory inside the terminal:
cd /root/Desktop
Change the permissions on the file with the following command:
chmod 755
Run the additions file:
Success? Success!

If you experience any snags along the way here, you'll have to do some trouble shooting. There is a ton of info online regarding installation of Guest Additions in VirtualBox VMs, likely in large part because the process can be tricky. Remember also, that support info for other Debian-based systems such as Ubuntu and CrunchBang will also apply to Kali in many cases. But the series of commands above has yet to fail me.

Upon successful installation of the Guest Additions, we have to shut down the machine for the updates to take effect. Reboot and log in as root again. Once the system reboots, the simplest way to confirm that the Guest Additions have been successfully installed is to see if you can maximize the window for the guest system. You should now also have code completion in the terminal, among other things. You can now eject the Guest Additions virtual CD from the Virtual cd drive. Click the Computer icon on the Desktop, then click eject under the devices menu.

We now have a fully updated fresh install of a Kali virtual machine with the VirtualBox Guest Additions installed. Let's shut down the machine, take a snapshot and switch the network adapter into bridged mode in preparation for the next tutorial.

Switching to Bridged Networking
After the VM has shut down and you've taken your snapshot, open up the settings of your new virtual system and go to the Network menu. Unless you've already changed these settings, you should have network Adapter 1 enabled, and attached to NAT. Change the attachment to a bridged adapter. This will allow our guest to act as an independent host on our local network, rather than have its address translated by the host computer the virtualization software is running on.

Finally, the adapter Name has to connect up to the appropriate network adapter of the host machine, i.e. the one that is actually connected up to your local network, whether it is a wireless connection, an Ethernet connection, or whatever. The appropriate one should be selected by default. Click Okay.

Start up the guest. Open a terminal and ping a known website or host, or use a browser to visit a web page. If it works, CONGRATS! You're in bridged mode.
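A successful ping also works over the NAT adapter, so checking which network the guest's address belongs to is a firmer confirmation of bridged mode. The sketch below is an added example, not part of the original tutorial; it assumes VirtualBox's default NAT network of 10.0.2.0/24, a home LAN of 192.168.1.0/24 (substitute your own), and uses constructed sample lines in the format of `ip -4 -o addr show`.

```shell
#!/usr/bin/env bash
# Added example: decide from the guest's IPv4 address whether it is still behind
# VirtualBox NAT or sitting on the LAN as its own host (bridged).

VBOX_NAT_CIDR="10.0.2.0/24"   # VirtualBox default NAT network (assumed unchanged)

# ip_to_int A.B.C.D -> prints the address as an integer, fails on malformed input
ip_to_int() {
    local o old_ifs="$IFS"
    case "$1" in *.*.*.*.*) return 1 ;; esac      # more than three dots
    IFS=.; set -- $1; IFS="$old_ifs"
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/PREFIX -> exit 0 if IP lies inside the network, 1 if not, 2 if malformed
in_cidr() {
    local ip net bits mask
    ip=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "${2%/*}") || return 2
    bits=${2#*/}
    case "$bits" in ''|*[!0-9]*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# classify_guest IP LAN_CIDR -> prints nat | bridged | other | ambiguous | invalid
classify_guest() {
    ip_to_int "$1" >/dev/null || { echo invalid; return 1; }
    # If the LAN itself overlaps the NAT default range, the address alone cannot tell.
    if in_cidr "${2%/*}" "$VBOX_NAT_CIDR" || in_cidr "${VBOX_NAT_CIDR%/*}" "$2"; then
        echo ambiguous
    elif in_cidr "$1" "$VBOX_NAT_CIDR"; then
        echo nat
    elif in_cidr "$1" "$2"; then
        echo bridged
    else
        echo other
    fi
}

# first_ipv4 -> reads `ip -4 -o addr show` output on stdin, prints the first
# non-loopback IPv4 address
first_ipv4() {
    awk '$3 == "inet" && $2 != "lo" { split($4, a, "/"); print a[1]; exit }'
}

# Constructed sample output for the two adapter modes.
SAMPLE_NAT='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0'
SAMPLE_BRIDGED='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.23/24 brd 192.168.1.255 scope global eth0'
LAN_CIDR="192.168.1.0/24"     # assumption: replace with your own LAN

for sample in "$SAMPLE_NAT" "$SAMPLE_BRIDGED"; do
    addr=$(printf '%s\n' "$sample" | first_ipv4)
    printf '%s -> %s\n' "$addr" "$(classify_guest "$addr" "$LAN_CIDR")"
done
```

On the real guest, feed it live data with `ip -4 -o addr show | first_ipv4`.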

If you have no networking capability, and can't even ping other computers on your home network, let alone a website, you have to do some troubleshooting. Here are some troubleshooting questions:
  • Are your networking settings correct in VirtualBox?
  • Is the adapter for the guest machine connected to the right interface on the host computer?
  • Is Kali's /etc/network/interfaces file structured properly?
  • Is the appropriate interface up as indicated by ifconfig?
  • Have you tried restarting Kali's networking service?
  • Is Kali's /etc/NetworkManager/NetworkManager.conf file structured properly?
  • Have you tried restarting the network-manager service?  
As the old saying goes, when all else fails, read the manuals!  

Setting up an Administrator Account
If you've followed along this far, you are now logged into your Kali VM as root, have a fully updated system, and the VirtualBox Guest Additions installed. It is not good to get into the habit of running everything in Kali as root. Best practices dictate setting up an administrator account and using sudo to run security-sensitive commands.

Create an administrator account by going to the root dropdown menu in the top right of the Kali Desktop. Then select: root -> system settings -> user accounts -> create an administrator account. Create an administrator account with a separate password.  Then log out, and log back in with your new admin account.  Using an administrator account such as this creates a bit of extra work (e.g. having to use sudo for otherwise everyday commands such as ifconfig, and having to do a bit of extra configuration for applications such as Wireshark and Zenmap), but it is a good habit to get into so as to avoid becoming careless with the root account. After setting up an administrator account, shut down the machine and take another snapshot.

In part two, we will use two tools bundled in Kali to explore your home local area network. Thanks for following along. As always, leave any questions or comments below. 

Hack Lab Intro: How to Set up a Home Hacking and Security Testing Lab


This series of articles comprises an introductory tutorial on how to set up a home lab to experiment with common hacking and information security testing tools. Our setup will  allow us to explore the sorts of computer and network vulnerabilities that can be encountered on the internet, and to test the security of our own home computer network and networked devices, all from within an isolated and secure working environment. The series is geared toward individuals who have little or no prior experience with virtualization software or common hacking and security testing tools, but are interested in exploring network and computer security.

Over the course of the tutorial series, we will create two separate network configurations. The first will be a completely virtual environment populated by two virtual guest systems running inside a single host computer. This requires nothing more than an internet connection for the necessary downloads, and a computer with relatively modest RAM and disk resources.

The second configuration will be an everyday local area network of the sort that can be found in many homes, but which is isolated from the internet and where we can strictly control and monitor all network traffic. This setup is slightly more involved in terms of hardware than the first, requiring also a spare router.

Our monitoring and attack system in both configurations will be an instance of a Kali Linux virtual machine running inside an installation of the VirtualBox software package on our primary computer. Kali is a Linux operating system distribution intended for security testing and digital forensics.

In the first completely virtual network environment, our victim will be an instance of  Metasploitable2, a virtual machine that exhibits vulnerabilities that can be found on  everyday computer systems and software configurations. As noted at Offensive Security, "Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques."

In the second network configuration, we will use the Kali Linux virtual machine to compromise an everyday local area network router of the sort that can be found on many home networks, in order to demonstrate just how easy it can be to steal login credentials  passed from another computer on the network.

The tutorial is broken down into four parts:
  • Part 1 covers the installation of VirtualBox and provides a walk through of a full installation of a Kali virtual machine on your primary lab computer. Along the way, we'll take a short detour on how to quickly run live Kali sessions without a full installation of the machine.
  • Part 4 provides details on setting up our second network configuration, which models an everyday home local area network. With the attack machine, we'll conduct a simple man-in-the-middle attack against the network's router, and demonstrate a serious security vulnerability by stealing login credentials sent to it from the victim machine, in this case, the host computer. 

Different Money For Your Different Life: Paypal Now Accepts Cryptocurrency For Digital Items

Bit by bit, digital currencies are becoming more mainstream.  With a variety of new places to spend your e-loot, it's no surprise to see Paypal is now accepting bitcoin for digital dealings.

As reported by, this idea has been underway for some time, with Ebay CEO John Donahoe saying that digital currency would play "an important role" for the company.  Wikipedia, Overstock, and other companies have already joined the cryptocurrency club, spurring Paypal's involvement.  They will generate profits from referral fees, which is normal for this type of transaction.

“PayPal is playing the role of the intermediary, but the cost will be left up to the merchant and the payment processor,” said Scott Ellison, a senior director at PayPal.

Paypal will collaborate with the BitPay, Coinbase and GoCoin services to secure the cryptocurrency transactions. Currently this will be available for vendors of digital items only, and exclusively in the United States. However, as this technology grows in popularity, many more items in a wider market could be available thanks to your bit-bank.

It's for digital items only!  Get back in the screen, e-presents!


Google Tests Internet-Enabling Drones; Polar Bears Can Soon Join Facebook

While those of us in the first world are bickering over how to make our internet even faster, there are those on the planet who are not fortunate enough to have any connectivity at all.  Google is now working in conjunction with a drone company to provide internet access to even the most remote areas.

As reported by, Google released a statement saying they have "recently acquired Titan Aerospace, a firm that specializes in developing solar and electric unmanned aerial systems ('UAS') for high altitude, long endurance flights." Along with plans to use high-altitude balloons and low-orbit satellites for the delivery of delicious internet, the Titan drones can use solar power and their five-year flight capacity to keep the world connected.

Google plans to test this idea in New Mexico, and they were quick to point out that they didn't want to step on the FCC's transmission toes. Their statement included the disclaimer, "Google understands that there may be some federal operations in the 900 MHz band in the vicinity of the test site...Google is prepared to coordinate with the National Telecommunications and Information Administration to avoid harmful interference to any federal operations."

If this idea proves fruitful, it could be used in a variety of situations requiring remote internet access. To far-flung regions that have been devastated by natural disaster or inclement weather, this could be an important aid for rescue operations or other distress signals. For war-torn regions run by despots who demand control of the peoples' link to the world, this could offer an alternative.

So yes, soon you may be able to watch cat GIFs in the middle of the desert, all thanks to the efforts of the search engine who just wants to be found.

"Finally, at long last, I may see what this 'Game Of Thrones' is all about."


Chomping At The Bit(coin): Paypal Now Accepts Popular Cryptocurrency

The bitcoin revolution has ascended rapidly, and the options for using cryptocurrency are expanding just as quickly to meet the demand. Now, the major online payment service PayPal has begun to accept bitcoin as part of its operations.

The internet-only monetary system of bitcoin has grown not only in popularity but in value recently, and according to, had been considered an option by PayPal in the past. PayPal has now officially adopted the cryptocurrency, which will help to speed along transactions completed via their subsidiary Braintree's mobile app, One Touch PayPal. This expedites e-payments using a program called Coinbase.

Braintree CEO Bill Ready stated, "This will be PayPal's first foray into bitcoin...We think both the One Touch mobile payments that we announced as well as bitcoin will be high interest to merchants."

PayPal customers, including the cab-hailing app Uber and the apartment-letting service Airbnb, will now be open to accepting your bit-loot. With the scope of the company's usage on the internet, many more vendors will likely follow this trend.

Lesser-known e-currency provider Dogecoin are just happy they have a cool racecar.


New Reddit AMA App: Learn From The Best

The popular news-aggregate website Reddit is known for offering a diverse array of topics to discuss and information to obtain.  Now, one of their most interesting and engaging features, Ask Me Anything (AMA), has been released in app form.

The premise of AMA is simple:  celebrities and important people of all ilk are invited to answer questions from the website's 3 million-odd usual users, who are identified only by their chosen username.  Other visitors, or "lurkers", are free to watch the dialogue unfold, but can only ask or respond to material by creating a username.  As for the subjects of these discussions, Reddit has hosted everyone from astronauts to video game developers, musicians to politicians.

According to the app download site, users can search past AMAs, stay informed on new ones, contribute material when an "ACTIVE" icon alerts as to a fresh installation, and of course use the site's standard upvote and downvote buttons to promote or disparage content.

So if you've ever wanted to know something seriously special about a celebrity, or tell an author how much their work meant to you, or just ask an important person you find interesting what their favorite type of snack food is, now the power is in the palm of your hand.  Use it wisely...the downvote brigades can be merciless.

Caution:  may be ridiculously addictive.


Congressional Vandals Blocked from Wikipedia

As the old saying goes, there is no distinctly criminal class in the United States, except for the Congress.  BBC reports that the US Congress IP address space has been banned from making edits on Wikipedia for repeated acts of intellectual dishonesty and digital vandalism.  Perhaps they should be arrested under the Computer Fraud and Abuse Act and sentenced to decades in prison.  Excerpt:
Wikipedia administrators have imposed a ban on page edits from computers at the US House of Representatives, following "persistent disruptive editing".
The 10-day block comes after anonymous changes were made to entries on politicians and businesses, as well as events like the Kennedy assassination . . .

Edits from computers using the IP address belonging to the House of Representatives have been banned before, following similar acts of vandalism . . . Jimmy Wales, the founder of Wikipedia, told the BBC that the incident did not surprise him, and vandalism has "always gone on and it always will".

Signal-Free Sipping At The Faraday Cafe

Ever wish you had a good excuse to turn off and tune out? Now, at one Canadian coffeeshop, the opportunity has presented itself through the truncation of technology. Welcome to the Faraday Cafe.

Designed by Vancouver artist Julien Thomas, the idea is a socially-minded art project that aims to see how people can allow themselves to react when unencumbered by their technological tethers. The cafe features a Faraday Cage, which blocks all cellphone and wifi signals inside its 8' by 16' perimeter.

“I’m interested in the interactions that can take place in certain scenarios,” Thomas told "There might be a sense of anxiety…but that’s not a bad thing.”

The Vancouver cafe will be open until July 16th for those who would fancy their coffee with a side of e-silence.
The effectiveness of an unrelated one-man Faraday Cage.  At Faraday Cafe, the only jolt you will get is from the caffeine.


Download Cat Videos In The Middle Of Nowhere, Thanks To Google's New Satellite Fleet

Hundreds of millions of prospective internet users may soon be granted access thanks to a new satellite fleet being developed by Google. According to the Wall Street Journal, Google has noted that "nearly two-thirds of the world's citizens have no access to the Internet at all", and they seek to remedy that via a combination of small satellites and drones.

The satellites, which are being developed for Google by O3B Networks (whose title refers to the "other three billion" people sans internet access) weigh in at a significantly small 250 pounds, and travel around 5,000 miles above the Earth's surface. Four satellites are currently in use, with four more slated to launch next month.

Read more about Google and O3B's project here.


June 5th: Reset the Net

Proponents of an open and secure internet are pushing back against indiscriminate surveillance this week. Tech Crunch has the details:
A number of websites for Internet services, businesses and even several nonprofits, including Amnesty International, Greenpeace,, and others, will participate in a series of online anti-NSA protests this week. The websites, which also include Reddit, Imgur, BoingBoing, DuckDuckGo, and several others are taking part in an online campaign called “Reset the Net,” which is specifically aimed at encouraging website owners and mobile app creators to integrate increased security protections into their services, like SSL and HSTS, for example. The overall goal is to make it more difficult for government agencies to engage in their spying activities.
Explains the campaign on its website, “The NSA is exploiting weak links in Internet security to spy on the entire world, twisting the Internet we love into something it was never meant to be: a panopticon.” While it’s not possible to stop the attacks, the site adds, those who offer users online services could help cut down on the mass surveillance by building proven security into the “everyday internet.”

Congressman Repays Official ISP Bribes with Sweetheart Bill

Don't say you're surprised.  Ars Technica has the gory details:
US Rep. Bob Latta (R-OH) on Wednesday filed legislation that would prevent the Federal Communications Commission from attempting to regulate broadband Internet service as a public utility.
It probably won't surprise you that Internet service providers have enthusiastically given money to this congressman. As we reported in our May 16 story "Bankrolled by broadband donors, lawmakers lobby FCC on net neutrality," Latta received $51,000 from cable company interests in the two-year period ending December 2013.

Survey: Comcast, Time Warner the Most Hated Companies in the United States

From BGR:
The only consumer survey that matters has found that among all businesses across every industry, Comcast and Time Warner Cable are the two most hated companies in America. The American Customer Satisfaction Index, which is put out quarterly by the University of Michigan’s Ross School of Business and is considered the most comprehensive customer satisfaction survey in the United States, has just come out with a new survey showing once again that Comcast and TWC have the lowest customer satisfaction ratings of any ISPs in the United States. And that’s not even the worst news for the two companies in the latest survey.

We asked ACSI to provide us with customer satisfaction scores for every company in every industry that they cover and it turns out that Comcast and TWC have the lowest customer satisfaction ratings of any of them.
In fact, Comcast and TWC’s Internet service businesses were the only two businesses in the United States to score below a 60 on the ACSI’s 100-point scale. What’s most amazing is that both Comcast and TWC have even lower customer satisfaction ratings than United Airlines, which has a notoriously bad reputation in an industry that, due in part to government security requirements, is known for delivering a miserable experience.

FCC Pushes Internet Discrimination Rules, Goes in for Kill Against Net Neutrality

Once again, the collusion of big government and big business has led to the further erosion of basic notions of freedom and equality in the United States.  From the New York Times:
The principle that all Internet content should be treated equally as it flows through cables and pipes to consumers looks all but dead.
The Federal Communications Commission said on Wednesday that it would propose new rules that allow companies like Disney, Google or Netflix to pay Internet service providers like Comcast and Verizon for special, faster lanes to send video and other content to their customers.
The proposed changes would affect what is known as net neutrality — the idea that no providers of legal Internet content should face discrimination in providing offerings to consumers, and that users should have equal access to see any legal content they choose.
This should come as a surprise to no one, or at least, to no one who has any sense of how US government functions under the Republican-Democrat two-party dictatorship.  Like so many government "regulatory" agencies, the FCC is nothing more than a perch for powerful corporate interests to wield their influence.  From Esquire:
For the past three years, Comcast's Senior VP of Governmental Affairs has been Meredith Baker. Baker's last job was the Commissioner of the Federal Communications Commission, where she signed off on the controversial NBCUniversal sale to Comcast in 2009.
Now we know that Baker, the former FCC Commissioner and a public official, was around to help make sure net neutrality died so Internet costs could soar, and that Time Warner Cable would be allowed to fold into Comcast, despite claims that the new megacorp might violate antitrust laws.
Perhaps it is unfair to single Baker out. She's no different from the rest of the scum at the  agency.  From Open Secrets:
Baker's transition from FCC leadership to industry isn't unprecedented. Michael Powell, the FCC chairman from 1997 to 2005, made a similar move, heading to the National Cable & Telecommunications Association, an industry group, in 2011 as its CEO. And Jonathan Adelstein, who was an FCC commissioner from 2002 to 2009, became the president and CEO of PCIA: The Wireless Infrastructure Association in 2012.

Four other former FCC employees have followed Baker's path to Comcast. They include Rudy Brioche, who worked as an advisor to former commissioner Adelstein before moving to Comcast as its senior director of external affairs and public policy counsel in 2009. Brioche was so valued by the FCC, in fact, that he was brought in to join the commission's Advisory Committee for Diversity in the Digital Age in 2011.

Other revolving Comcast lobbyists include James Coltharp, who served as a special counsel to commissioner James H. Quello until 1997, and Jordan Goldstein, who worked as a senior legal adviser to commissioner Michael J. Copps. John Morabito, who served a number of roles in the FCC's Common Carrier Bureau, joined Comcast as one of its senior lobbyists in 2004. (He is no longer with the company.)
Meanwhile, secret negotiations on the Trans-Pacific-Partnership continue apace, and will likely further restrict the semblance of freedom on the internet.

AT&T May Expand Fiber Network

From Ars Technica:
Two months after Google announced that it will try to bring fiber Internet to 34 cities in nine metro areas, AT&T today said it will "expand its ultra-fast fiber network to up to 100 candidate cities and municipalities nationwide, including 21 new major metropolitan areas."
Before anyone gets too excited, AT&T isn't promising that it will actually build in any or all of these cities. "This expanded fiber build is not expected to impact AT&T’s capital investment plans for 2014," the company's announcement said, possibly to assure investors that it isn't wasting money.
But AT&T will consider building in the cities that provide the best options.
"AT&T will work with local leaders in these markets to discuss ways to bring the service to their communities," the company said.

Why We Need Decentralized DNS . . .

Last week, the US government announced that the Commerce Department would relinquish control over internet root servers and open the process to the so-called multi-stakeholder model.  Many are not holding their breath. From Wired UK:
The battle over the future of the internet has begun in earnest. Bear with us: it's immensely technical, but it's also immensely important.
Because the internet first emerged, grew, and prospered in the United States, the US government has a special relationship and disproportionate influence over what is now regarded as a global public good. While the US is unwilling to relinquish its role as chief internet steward, this is becoming an increasingly untenable position, particularly as the NSA/Snowden revelations continue to shake global confidence.
In this context, and perhaps accelerated by last week's damning critiques in the European Parliament and the UN Human Rights Council, the US government announced late on Friday, in a smart front-footed move, that it intends to release oversight of its long-treasured IANA contract under which the US Commerce Department contracts ICANN, a private US company, to perform key internet administration tasks. The government has proposed a transition plan for these tasks to be administered directly by the "global multistakeholder community" (read: ICANN), via a process to be determined by ICANN and approved by the US government in September 2015. This prescriptive, carefully-limited announcement is the long-awaited fulfilment of a promise made 16 years ago when ICANN first came into being, and it would be the first time since the net's inception that the US government would abandon formal oversight. Of course, US vested interests in ICANN as a US-based company, subject to US law, and partial to US industry, remain, as does the almighty US technical and economic leverage over the digital ecosystem.
You might think (and you'd be right), that it is rather odd that one country, and indeed one company, even holds this net administration contract. But such are the breaks of history and the clutch of commerce.

Facebook to Government: Back Off! Spying on Facebook Users is OUR Job!

From the NYT:
Mark Zuckerberg, the co-founder and chief executive of Facebook, has complained directly to President Obama about the continuing revelations that the United States government has secretly spied on the activities of some of his company’s 1.2 billion users.
Mr. Zuckerberg spoke with the president on Wednesday following the most recent news report on the National Security Agency’s surveillance tactics. The account, published in The Intercept from documents leaked by the former N.S.A. contractor Edward J. Snowden, described how government computers sometimes masqueraded as Facebook servers in order to send malicious software to infect the machines of Facebook users. The documents say the process was automated so the N.S.A. could target millions of people for the attacks.

NSA Spreads Malware By the Millions

From the Intercept:
Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process.
The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks.
The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.
In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.

Policy Makers Likely Even More Ignorant Than the Public on Tech Security Matters

The other day, we poked some fun at the US public for ignorance of basic tech-related terminology.  Much more serious, however, is the depth of ignorance and incompetence common among public officials who hold sway over cyber-policy decisions.  Whether it is a "cybersecurity" official who doesn't know what an ISP is, a judge who doesn't understand email or a technophobic luddite who controls the Department of Homeland Security . . .  these people's ignorance actually puts the public at large in danger, and represents real threats to our security, not to mention our civil liberties.  Of course, one would not expect anything less from the Democrats and Republicans.  From the Guardian:
One of the world’s leading cyberwarfare experts has warned of the damaging lack of government literacy in cybersecurity issues, pointing out that some senior officials don’t know how to use email, and that one US representative about to negotiate cybersecurity with China asked him what an “ISP” was. . . .

Yet former head of US homeland security Janet Napolitano once told Singer. “Don’t laugh, but I just don’t use email at all,” Singer recalled. “It wasn’t a fear of privacy or security - it’s because she just didn’t think it was useful. A supreme court justice also told me ‘I haven’t got round to email yet’ - and this is someone who will get to vote on everything from net neutrality to the NSA negotiations.”

Obama himself, Singer said, had expressed concern that the complexity of the issue was overwhelming policy makers.
Ignorance hiding behind complexity.  I'm sure they'll find a way to simplify it for themselves while making the rest of us less secure and less free at the same time.  Win/win from their end, I suppose.

How Many Americans Think They Can Catch an STD from their Computer?

If only there were a place where people had access to vast troves of information, and could seek it out to inform themselves about things they do not understand . . . From the LA Times:
A recent study found that many Americans are lost when it comes to tech-related terms, with 11% saying that they thought HTML — a language that is used to create websites — was a sexually transmitted disease.  The study was conducted by, a coupons website, as a way to determine how knowledgeable users are when it comes to tech terms . . . Besides HTML, there were some other amusing findings:
  • 77% of respondents could not identify what SEO means. SEO stands for "Search-Engine Optimization"
  • 27% identified "gigabyte" as an insect commonly found in South America. A gigabyte is a measurement unit for the storage capacity of an electronic device.
  • 42% said they believed a "motherboard" was "the deck of a cruise ship." A motherboard is usually a circuit board that holds many of the key components of a computer.
  • 23% thought an "MP3" was a "Star Wars" robot. It is actually an audio file.
  • 18% identified "Blu-ray" as a marine animal. It is a disc format typically used to store high-definition videos.
  • 15% said they believed "software" is comfortable clothing. Software is a general term for computer programs.
  • 12% said "USB" is the acronym for a European country. In fact, USB is a type of connector.
Despite the incorrect answers, 61% of the respondents said it is important to have a good knowledge of technology in this day and age.
Yes, the majority think it is important to have a good understanding of technology, but many apparently do not think it is important enough to, you know, actually go and inform themselves about it.  These are, of course, the same people who continue to vote for Democrats and Republicans year after year.  One wonders how many people think they can catch a virus from their computer. 


Predictable: UK Internet Censorship Official Arrested for Child Pornography

It appears one of the higher up UK officials in charge of crafting that government's internet censorship policy and "pornography filter" is himself a pedophile and likely child pornographer.  You can't make this stuff up folks.  These people are degenerate scum.  One wonders how many other pedos there are wandering the halls of Downing Street.  From the Guardian:
A senior aide to David Cameron resigned from Downing Street last month the day before being arrested on allegations relating to child abuse images.  Patrick Rock, who was involved in drawing up the government's policy for the large internet firms on online pornography filters, resigned after No 10 was alerted to the allegations.
Rock was arrested at his west London flat the next morning. Officers from the National Crime Agency subsequently examined computers and offices used in Downing Street by Rock, the deputy director of No 10's policy unit, according to the Daily Mail, which disclosed news of his arrest.  No 10 confirmed on Monday evening that Rock had been arrested. A spokesman: "On the evening of 12 February, Downing Street was first made aware of a potential offence relating to child abuse imagery. It was immediately referred to the National Crime Agency (CEOP).

Outernet: Project Seeks to Create Worldwide Free Satellite Internet

From Outernet:
Outernet connects everyone around the globe.
There are more computing devices in the world than people, yet only 60% of the global population has access to the wealth of knowledge found on the Internet. The price of smartphones and tablets is dropping year after year, but the price of data in many parts of the world continues to be unaffordable for the majority of global citizens. In some places, such as rural areas and remote regions, cell towers and Internet cables simply don't exist. The primary objective of the Outernet is to bridge the global information divide.
Broadcasting data allows citizens to reduce their reliance on costly Internet data plans in places where monthly fees are too expensive for average citizens. And offering continuously updated web content from space bypasses censorship of the Internet. An additional benefit of a unidirectional information network is the creation of a global notification system during emergencies and natural disasters.
Access to knowledge and information is a human right and Outernet will guarantee this right by taking a practical approach to information delivery. By transmitting digital content to mobile devices, simple antennae, and existing satellite dishes, a basic level of news, information, education, and entertainment will be available to all of humanity.
Although Outernet's near-term goal is to provide the entire world with broadcast data, the long-term vision includes the addition of two-way Internet access for everyone. For free.

Google Exploring Plans to Roll Out Fiber to 34 New Cities

Given the planned Comcast/Time Warner merger, we need as much real competition as we can get.  From Google:
Over the last few years, gigabit Internet has moved from idea to reality, with dozens of communities (PDF) working hard to build networks with speeds 100 times faster than what most of us live with today. People are hungrier than ever for faster Internet, and as a result, cities across America are making speed a priority. Hundreds of mayors from across the U.S. have stated (PDF) that abundant high-speed Internet access is essential for sparking innovation, driving economic growth and improving education. Portland, Nashville (PDF) and dozens of others have made high-speed broadband a pillar of their economic development plans. And Julian Castro, the mayor of San Antonio, declared in June that every school should have access to gigabit speeds by 2020.

We've long believed that the Internet’s next chapter will be built on gigabit speeds, so it’s fantastic to see this momentum. And now that we’ve learned a lot from our Google Fiber projects in Kansas City, Austin and Provo, we want to help build more ultra-fast networks. So we’ve invited cities in nine metro areas around the U.S.—34 cities altogether—to work with us to explore what it would take to bring them Google Fiber.

Europe Considers Digital Independence

From the Register:
German Chancellor Angela Merkel has lent her support to the idea of building out new European data networks to help keep Europeans' email and other data out of the hands of US spies.
In the latest edition of her weekly podcast on Saturday, Merkel said she planned to raise the issue among other topics in a meeting with French President François Hollande this week.
"We'll talk, above all, about which European suppliers we have that provide security for the citizens," Merkel said, speaking in German, "that they need not cross the Atlantic with their emails and other things, but we can also build communications networks within Europe."

Big Government and Big Business Collude to Outlaw Municipal Broadband

As if you needed another reason to detest the dictatorship of the two-party state.  From Ars Technica:
It's no secret that private Internet service providers hate when cities and towns decide to enter the telecommunications business themselves. But with private ISPs facing little competition and offering slow speeds for high prices, municipalities occasionally get fed up and decide to build their own broadband networks.
To prevent this assault on their lucrative revenue streams, ISPs have teamed up with friends in state legislatures to pass laws that make it more difficult or impossible for cities and towns to offer broadband service.
Attorney James Baller of the Baller Herbst Law Group has been fighting attempts to restrict municipal broadband projects for years. He's catalogued restrictions placed upon public Internet service in 20 states, and that number could be much higher already if not for the efforts of consumer advocates.

UT: ISPs Continue Fight Against Competition and Better Service

From Ars Technica:

Kansas isn't the only state considering legislation that would limit the growth of government-funded broadband networks that threaten incumbent Internet service providers.

The latest such attempt we've learned of is a Utah House bill called the "Interlocal Entity Service Prohibition," which would prevent a regional fiber consortium from building infrastructure outside the boundaries of its member cities and towns.

While it would affect any such group, the bill seems to be directed at UTOPIA, the Utah Telecommunication Open Infrastructure Agency, a consortium of 16 cities that operates a fiber-to-the-premises broadband network. The bill explicitly targets fiber only, not affecting cable or other types of networks.
"It actually is aimed specifically at UTOPIA," the group's legislative policy director, Gary Crane, told Ars. Crane is also a city attorney for Layton, one of UTOPIA's member municipalities. "I think there's probably a lot of fear in those who hold the monopoly currently in our cities that this model may be a good model for other cities to adopt." 
The bill, sponsored by Republican legislator Curt Webb, "prohibits an interlocal entity that provides telecommunication service through a fiber optic network from constructing infrastructure or providing telecommunication service in locations outside the boundaries of its members."

We've tried to reach Webb by e-mail and phone but haven't heard back yet.
UTOPIA's network is open access, allowing private Internet service providers to sell broadband over the fiber.
Of course, this is not surprising: the very notion of utopia is anathema to the alliance of Big Business and Big Government.

Children Easily Bypass UK's Internet Censorship Filters, Parents Still Incompetent

Why won't these children think of the children?! From the BBC:
Filters put in place by parents to stop children viewing inappropriate content are easily bypassed by the youngsters themselves, according to a report from regulator Ofcom.
It found that 18% of 12-15-year-olds know how to disable internet filters.
Almost half of children aged 12-15 know how to delete their browsing history and 29% can amend settings to mask their browser activity.   Some 83% of eight to 11 year-olds said they knew how to stay safe online. . . . 
According to the report, many parents feel their computing skills are far inferior to their children's.  Almost half (44%) of parents with children aged between eight and 11 say their child knows more about the internet than they do. That rises to 63% for parents of 12-15-year-olds.
In other words, hysterical helicopter parents and safety fetishists have succeeded only in preventing themselves and their technophobic peers from accessing "objectionable" content online.

Schneier: "In the coming years we're seeing a lot more power struggles play out on the internet."

From an interview with Vice, Bruce Schneier speculates about how power struggles will play out on the internet in the coming years:
The internet is interesting because it really changes so many things. When the internet was born, there was this belief that it would vastly change the power structure. There's a great quote from John Perry Barlow in the mid-'90s at the World Economic Forum, and he basically says the governments of the world have no business on the internet, that have no power over the internet. You can't legislate it. The internet is its own thing. It's a really utopian way of looking at the world, but we believed it. We believed the internet would change the world, would give power to the powerless. And it did, for many years. The ability to organize, to coordinate—it made so many things different.
And that changed recently. Governments discovered the internet. So now we're seeing that in China, for example, the internet is a tool of social control, and now both sides are using the internet. The Syrian dissidents are using the internet to organize, the Syrian government uses the internet to round up dissidents. That interplay between the institutionally powerful—the governments and corporations—and the distributively powerful—dissident groups, criminals, and hackers. How they both use the internet to increase their power, how they use the internet against each other, I think is fascinating. It's something that we need to look at. In the coming years we're seeing a lot more power struggles play out on the internet. And I'm just curious how that's gonna end up—it's not at all obvious.


Harlem to Become Nation's Largest Public Wifi Zone

Mayor Michael R. Bloomberg today announced the launch of a new outdoor public WiFi network in Harlem accessible to all users at no cost. The Harlem WiFi network will extend 95 city blocks, from 110th to 138th Streets between Frederick Douglass Boulevard and Madison Avenue making it the largest continuous free outdoor public wireless network in the nation. The network, which will be rolled out in three phases in coordination with the city’s Technology Development Corporation and the Department of Information Technology and Telecommunications, will increase digital access for approximately 80,000 Harlem residents, including 13,000 public housing residents, as well as businesses and visitors in the area.
The free public network will serve the community for an initial five-year term and is funded through a generous donation from the Fuhrman Family Foundation to the Mayor’s Fund to Advance New York City. The first phase, extending from 110th to 120th Streets between Madison Avenue and Frederick Douglass Boulevard, is underway and the remaining phases will be complete by May 2014. The Mayor was joined at the announcement by Chief Information and Innovation Officer Rahul Merchant, Glenn and Amanda Fuhrman, Mayor’s Fund to Advance New York City President Megan Sheekey, Chief Digital Officer Rachel Haot, New York City Housing Authority Chairman John Rhea and Harlem Children’s Zone President and Chief Executive Officer Geoffrey Canada.
“Our new Harlem wireless network brings critical connectivity to residents and visitors, giving them 24/7 access to everything from education materials for kids, to information about Harlem’s rich history and attractions, to everyday needs like paying bills, checking library hours – or even just keeping tabs on the Knicks and Nets,” said Mayor Bloomberg. “In 2013 being successful requires being connected; thanks to the Fuhrman Family Foundation and the Mayor’s Fund, we are wiring nearly 100 blocks in Harlem and giving 80,000 New Yorkers another tool for success.”

Two Major Internet Data Breaches

Someone's been rerouting traffic from the internet information fire hose.  From Wired:
In 2008, two security researchers at the DefCon hacker conference demonstrated a massive security vulnerability in the worldwide internet traffic-routing system — a vulnerability so severe that it could allow intelligence agencies, corporate spies or criminals to intercept massive amounts of data, or even tamper with it on the fly.
The traffic hijack, they showed, could be done in such a way that no one would notice because the attackers could simply re-route the traffic to a router they controlled, then forward it to its intended destination once they were done with it, leaving no one the wiser about what had occurred.
Now, five years later, this is exactly what has occurred. Earlier this year, researchers say, someone mysteriously hijacked internet traffic headed to government agencies, corporate offices and other recipients in the U.S. and elsewhere and redirected it to Belarus and Iceland, before sending it on its way to its legitimate destinations. They did so repeatedly over several months. But luckily someone did notice.
What the surveillance state security hysterics fail to understand is that any breach of informational security in the name of security makes everyone less secure on the internet. In related news, 2 million passwords have been compromised from some of the biggest names in the tech industry:
Hackers have stolen usernames and passwords for nearly two million accounts at Facebook, Google, Twitter, Yahoo and others, according to a report released this week.

The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cybersecurity firm Trustwave said. The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.

FCC Chair Open to Class-Based Internet Access

From Public Knowledge:
Yesterday, new FCC Chairman Tom Wheeler delivered his first formal public address.  After a prepared speech that explained his regulatory approach, he moved to a Q&A session.  In that session, he appeared to endorse the opposite of net neutrality: allowing ISPs to charge websites and services in order to reach that ISP’s subscribers.   In other words, giving ISPs the power to pick winners and losers online.

HTTPS: Toward a Secure Internet

There seems to be strong consensus to increase the use of encryption on the Web, but there is less agreement about how to go about this. The most relevant proposals were: 
A. Opportunistic encryption for http:// URIs without server authentication -- a.k.a. "TLS Relaxed" as per draft-nottingham-http2-encryption.

B. Opportunistic encryption for http:// URIs with server authentication -- the same mechanism, but not "relaxed", along with some form of downgrade protection.

C. HTTP/2 to only be used with https:// URIs on the "open" Internet. http:// URIs would continue to use HTTP/1 (and of course it would still be possible for older HTTP/1 clients to still interoperate with https:// URIs).

In subsequent discussion, there seems to be agreement that (C) is preferable to (B), since it is more straightforward; no new mechanism needs to be specified, and HSTS can be used for downgrade protection. (C) also has this advantage over (A), and furthermore provides stronger protection against active attacks. The strongest objections against (A) seemed to be about creating confusion about security and discouraging use of "full" TLS, whereas those against (C) were about limiting deployment of better security.

Keen observers have noted that we can deploy (C) and judge adoption of the new protocol, later adding (A) if necessary. The reverse is not necessarily true.
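
The discussion above leans on HSTS for downgrade protection under option (C). The following added example (not part of the quoted discussion) is a simplified model of how a client learns and applies an HSTS policy along the lines of RFC 6797; the class and function names are hypothetical and the hostnames are constructed sample values.

```python
"""Simplified client-side HSTS store (illustrative, not a browser's real code)."""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit


@dataclass
class HstsPolicy:
    expires_at: float           # absolute expiry time, in seconds
    include_subdomains: bool


def parse_sts_header(value):
    """Return (max_age, include_subdomains), or None if the header is invalid."""
    max_age, include_subdomains, seen = None, False, set()
    for raw in value.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, arg = directive.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        if name in seen:
            return None                   # a repeated directive voids the header
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')  # the value may be a quoted string
            if not re.fullmatch(r"[0-9]+", arg):
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            if arg:
                return None               # this directive takes no value
            include_subdomains = True
        # Unknown directives are ignored.
    if max_age is None:
        return None                       # max-age is mandatory
    return max_age, include_subdomains


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


class HstsStore:
    def __init__(self):
        self._policies = {}

    def note_response(self, url, headers, now):
        """Record a policy from a response. Returns True if one was accepted."""
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # A header seen over plain HTTP could have been injected by an active
        # attacker, so it is ignored. IP-literal hosts never get a policy.
        if parts.scheme != "https" or not host or _is_ip(host):
            return False
        lowered = {k.lower(): v for k, v in headers.items()}
        parsed = parse_sts_header(lowered.get("strict-transport-security", ""))
        if parsed is None:
            return False
        max_age, include_subdomains = parsed
        if max_age == 0:
            self._policies.pop(host, None)    # max-age=0 removes the policy
        else:
            self._policies[host] = HstsPolicy(now + max_age, include_subdomains)
        return True

    def is_known_hsts_host(self, host, now):
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            policy = self._policies.get(candidate)
            if policy is None:
                continue
            if policy.expires_at <= now:
                del self._policies[candidate]  # expired policies are dropped
                continue
            # Exact match always applies; a parent's policy applies only
            # when it set includeSubDomains.
            if i == 0 or policy.include_subdomains:
                return True
        return False

    def rewrite(self, url, now):
        """Upgrade http:// to https:// for known HSTS hosts before any request."""
        parts = urlsplit(url)
        host = parts.hostname
        if parts.scheme != "http" or not host or not self.is_known_hsts_host(host, now):
            return url
        port = parts.port
        netloc = host if port in (None, 80) else f"{host}:{port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
```

A policy is only learned from a prior HTTPS response, so the first plain-HTTP request to a host the client has never seen is not covered by this mechanism.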

DDoS Tools Spread Online

From Ars Technica:
Researchers have uncovered software available on the Internet designed to overload the struggling website with more traffic than it can handle.
"ObamaCare is an affront to the Constitutional rights of the people," a screenshot from the tool, which was acquired by researchers at Arbor Networks, declares. "We HAVE the right to CIVIL disobedience!"
In a blog post published Thursday, Arbor researcher Marc Eisenbarth said there's no evidence has been subjected to any significant denial-of-service attacks since going live last month.

Los Angeles Plans Ambitious Broadband Project

Is the internet a utility? From Ars Technica:
Los Angeles is about to unleash one of the most ambitious city-led broadband projects to date, with the goal of bringing fiber to all of its 3.5 million residents and all businesses.
Next month, the city plans to issue an RFP (request for proposals) "that would require fiber to be run to every residence, every business, and every government entity within the city limits of Los Angeles," Los Angeles Information Technology Agency GM Steve Reneker told Ars today. The City Council this morning unanimously voted to move forward with drafting the RFP and will vote again in a few weeks to determine whether it's ready for release, he said.


iGoogle Goes the Way of Reader

From The Next Web:
RIP another Google service: iGoogle, the company’s personalized Web portal product, finally bit the dust today, some eight months after its shutdown was announced.
iGoogle has slipped into the darkness quietly: there’s no final blog post marking its demise and the URL for the service — — now navigates directly to Google’s regular search page.
While it wasn’t as successful or well-used as Google Reader, the RSS service that went offline in July, iGoogle was popular with some who appreciated the ability to customize the Google search page with news feeds, games, widgets and other information that was easy to glance at and digest over the course of a day.

Filling the Vacuum After the Silk Road Bust

From Atlantisblog:
It’s almost two weeks since I reported on the race to create Silk Road 2.0 and it seems the mass migration is well underway with existing sites busting at the seams to accommodate the huge increase in traffic with some sites witnessing a 600% increase in listings in two weeks alone and with several more in the final stages of testing it looks like it won’t be long before Silk Road's legacy of 12,000 drug listings are divided out among its suitors. So who will be the big winners and losers in the battle for the spoils? Well it would seem Sheep Marketplace with its slick interface and easy to navigate listings has seen the biggest explosion in growth while the well established heir to the throne Black Market Reloaded has almost doubled its number of drug listings despite having to temporarily close the site on several occasions due to huge influx of traffic and a security breach on another occasion.

This morning the Silk Road subreddit graced me with a list containing links to many new TOR marketplace sites and since many of these are still untested and unproven I decided now might be a good time to assess the state of the union and check  each of them out for myself.

The rest of this post goes into quite a bit of detail on each market so if you are looking for a tl;dr It’s my opinion the new Silk Road [2.0] site is going to be the one to watch and for second place it’s a total free for all.  Below are the most promising sites I’ve seen, I could have listed more but if you can't get what you're looking for on one of these I don’t think it exists.

Germany Plans National Communications Network Hub

From The Local:
Telekom now wants to go a step further by using domestic only connections to protect the private data of German users in the wake of the NSA spying scandal. Whistleblower Edward Snowden revealed a massive electronic surveillance programme by the US and British security agencies.

Email data is currently exchanged between users worldwide via international network hubs, where the data is processed and then sent on to its destination.

But this system has come into disrepute since information leaked by Snowden showed the US and UK governments had used the hubs to spy on millions of private emails.

Deutsche Telekom's plan would change the system so that emails between German users are no longer transferred via the international hubs, but stay in networks within German borders.

ICANN Concerned Massive Government Surveillance Erodes Trust and Confidence in Internet

A statement issued by ICANN:
The leaders of organizations responsible for coordination of the Internet technical infrastructure globally have met in Montevideo, Uruguay, to consider current issues affecting the future of the Internet.
The Internet and World Wide Web have brought major benefits in social and economic development worldwide. Both have been built and governed in the public interest through unique mechanisms for global multistakeholder Internet cooperation, which have been intrinsic to their success. The leaders discussed the clear need to continually strengthen and evolve these mechanisms, in truly substantial ways, to be able to address emerging issues faced by stakeholders in the Internet.
In this sense:
  • They reinforced the importance of globally coherent Internet operations, and warned against Internet fragmentation at a national level. They expressed strong concern over the undermining of the trust and confidence of Internet users globally due to recent revelations of pervasive monitoring and surveillance.
  • They identified the need for ongoing effort to address Internet Governance challenges, and agreed to catalyze community-wide efforts towards the evolution of global multistakeholder Internet cooperation.
  • They called for accelerating the globalization of ICANN and IANA functions, towards an environment in which all stakeholders, including all governments, participate on an equal footing.
  • They also called for the transition to IPv6 to remain a top priority globally. In particular Internet content providers must serve content with both IPv4 and IPv6 services, in order to be fully reachable on the global Internet. 

Stop the Trans-Pacific Partnership's Attack on Open Internet

From the Electronic Frontier Foundation:
President Obama was scheduled to meet with the leaders of the other eleven countries negotiating the Trans-Pacific Partnership agreement ahead of the Asia-Pacific Economic Cooperation (APEC) meeting in Bali, supposedly to plan the “end-game” for this massive trade deal. However, he has made a sudden decision to cancel his trip, claiming that this was a casualty of the government shutdown. Obama's announcement adds to the impression that the goal of completing TPP at APEC has become unobtainable and reveals how precariously the negotiations are going.
There are reports that the remaining TPP country leaders who will be attending the APEC meeting will still be convening “with the aim of hammering out a framework.” As we've also previously mentioned, smaller issue-specific intersessional meetings have also grown more frequent and gone even further underground. So while the news of his trip getting cancelled is indeed welcome news, the TPP still could be signed even as its contents remain hidden from the public.
We only know what kind of copyright enforcement provisions are in this agreement due to leaks, but what we do know for sure is that this agreement is driven by corporate interests who want to enact their own digital policy standards through an undemocratic, backdoor process. We need to spread the word about the TPP far and wide . . . 


Facebook-Led Tech Group Seeks to Expand Internet Access

From the New York Times:
On Wednesday, Facebook announced an effort aimed at drastically cutting the cost of delivering basic Internet services on mobile phones, particularly in developing countries, where Facebook and other tech companies need to find new users. Half a dozen of the world’s tech giants, including Samsung, Nokia, Qualcomm and Ericsson, have agreed to work with the company as partners on the initiative, which they call
The companies intend to accomplish their goal in part by simplifying phone applications so they run more efficiently and by improving the components of phones and networks so that they transmit more data while using less battery power.

Google Goes Offline, Internet Traffic Drops 40%

What did you do during the blackout?  From The Register:
The event began at approximately 4:37pm Pacific Time and lasted between one and five minutes, according to the Google Apps Dashboard. All of the Google Apps services reported being back online by 4:48pm.

The incident apparently blacked out every service Mountain View has to offer simultaneously, from Google Search to Gmail, YouTube, Google Drive, and beyond.
Big deal, right? Everyone has technical difficulties every once in a while. It goes with the territory.

But then, not everyone is Google. According to web analytics firm GoSquared, worldwide internet traffic dipped by a stunning 40 per cent during the brief minutes that the Chocolate Factory's services were offline.

Users Scramble to Download Pirate Bay's Anti-Censorship Browser

From Torrent Freak:
Within three days of its launch The Pirate Bay’s PirateBrowser, which allows people to bypass ISP filtering and access blocked websites, has already been downloaded more than 100,000 times. The Pirate Bay team say they never expected the browser to catch on this quickly, while noting that they are determined to provide more anti-censorship tools.

On the occasion of its 10th anniversary last Saturday, The Pirate Bay sent out a gift to its users – the PirateBrowser.  Blocked by court orders all over the world, Pirate Bay is arguably the most censored website on the Internet. The PirateBrowser software allows people to bypass these restrictions.

It appears that the browser idea is right on the money. New statistics revealed today show that blocked users have been downloading the tool en masse . . .

Wikimedia to FastTrack HTTPS in Response to Surveillance Leaks

From Wikimedia:
The Wikimedia Foundation believes strongly in protecting the privacy of its readers and editors. Recent leaks of the NSA’s XKeyscore program have prompted our community members to push for the use of HTTPS by default for the Wikimedia projects. Thankfully, this is already a project that was being considered for this year’s official roadmap and it has been on our unofficial roadmap since native HTTPS was enabled. Our current architecture cannot handle HTTPS by default, but we’ve been incrementally making changes to make it possible. Since we appear to be specifically targeted by XKeyscore, we’ll be speeding up these efforts . . . 

Lavabit Shuts Down Email Service Rather Than Comply With Government

Lavabit is (or rather was) an email service that took its users' privacy seriously.  And for that reason it appears the service has been forced to shut down.  From owner Ladar Levison:
My Fellow Users,
I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on--the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.
What’s going to happen now? We’ve already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me to resurrect Lavabit as an American company.
This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.
Ladar Levison
Owner and Operator, Lavabit LLC
Defending the constitution is expensive! Help us by donating to the Lavabit Legal Defense Fund here.

How To Access Someone's Stored Passwords on Google Chrome

If a trouble-making friend gained access to your browser, what could they access?  Depending on your choice of browser and its security settings, the answer may be: everything.  From The Guardian:
A serious flaw in the security of Google's Chrome browser lets anyone with access to a user's computer see all the passwords stored for email, social media and other sites, directly from the settings panel. No password is needed to view them.

Besides personal accounts, sensitive company login details would be compromised if someone who used Chrome left their computer unattended with the screen active.
Seeing the passwords is achieved simply by clicking on the Settings icon, choosing "Show advanced settings…" and then "Manage saved passwords" in the "Passwords and forms" section. A list of obscured passwords is then revealed for sites - but clicking beside them reveals the plain text of the password, which could be copied, or sent via a screenshot to an outside site.

Overcriminalization: Felony Streaming

Are you familiar with the term overcriminalization?  From Overcriminalized, a project of the Heritage Foundation:
“Overcriminalization” describes the trend in America – and particularly in Congress – to use the criminal law to “solve” every problem, punish every mistake (instead of making proper use of civil penalties), and coerce Americans into conforming their behavior to satisfy social engineering objectives. Criminal law is supposed to be used to redress only that conduct which society thinks deserving of the greatest punishment and moral sanction.
But as a result of rampant overcriminalization, trivial conduct is now often punished as a crime.  Many criminal laws make it possible for the government to convict a person even if he acted without criminal intent (i.e., mens rea). Sentences have skyrocketed, particularly at the federal level.
The Washington Post provides us with a perfect example of this creeping trend in US society and government.  The criminalization of online streaming.  Have you ever watched a streaming video on a site that may not have had all the proper licenses?  The federal government wants to make that a felony:
You probably remember the online outrage over the Stop Online Piracy Act (SOPA) copyright enforcement proposal. Last week, the Department of Commerce’s Internet Policy Task Force released a report on digital copyright policy that endorsed one piece of the controversial proposal: making the streaming of copyrighted works a felony.

As it stands now, streaming a copyrighted work over the Internet is considered a violation of the public performance right. The violation is only punishable as a misdemeanor, rather than the felony charges that accompany the reproduction and distribution of copyrighted material.

US Tech Companies Take Economic Hit in Aftermath of Surveillance Revelations

From the Washington Post:
There has been a lot of speculation that the revelations about NSA surveillance program PRISM damaged the credibility of U.S. tech companies, especially with international clients who were the primary targets of the snooping operation. But now it’s starting to look like the snooping is hitting U.S.-based cloud providers where it really hurts: Their pocketbooks.

Computer World UK reports a recent Cloud Security Alliance (CSA) survey found 10 percent of 207 officials at non-U.S. companies canceled contracts with U.S. providers after the leaks, and 56 percent of non-U.S. respondents are now hesitant to work with U.S.-based cloud operators.

Leaks of Dragnet Surveillance Inspire Changes in Web Habits

People who first recognized the scope of the potential threats to their online data privacy following the NSA leaks last month are now beginning to change their habits.  Or so it appears.  From the Boston Globe:
News of the US government’s secret surveillance programs that targeted phone records and information transmitted on the Internet has done more than spark a debate about privacy. Some are changing their online habits as they reconsider some basic questions about today’s interconnected world. Among them: How much should I share and how should I share it?

Some say they want to take preventative measures in case such programs are expanded. Others are looking to send a message — not just to the US government but to the Internet companies that collect so much personal information.

‘‘We all think that nobody’s interested in us, we’re all simple folk,’’ said Doan Moran of Alexandria, La. ‘‘But you start looking at the numbers and the phone records . . . it makes you really hesitate.’’


First They Came for the Pornographers . . .

A coalition of self-appointed moral censors and fear-mongering hysterics in the UK are pushing forward with a plan to implement the first stages of internet censorship under the guise of – what else?  – protecting the children!  From BBC:
Most households in the UK will have pornography blocked by their internet provider unless they choose to receive it, David Cameron has announced.
In addition, the prime minister said possessing online pornography depicting rape would become illegal in England and Wales - in line with Scotland.  Mr Cameron warned in a speech that access to online pornography was "corroding childhood".

The new measures will apply to both existing and new customers.  Mr Cameron also called for some "horrific" internet search terms to be "blacklisted", meaning they would automatically bring up no results on websites such as Google or Bing.

He told the BBC he expected a "row" with service providers who, he said in his speech, were "not doing enough to take responsibility" despite having a "moral duty" to do so.
He also warned he could have to "force action" by changing the law and that, if there were "technical obstacles", firms should use their "greatest brains" to overcome them.

Anti-Tracking, Anonymous Search Engines Bloom in Aftermath of Mass Surveillance Leaks

If you're not using a search engine such as Duck Duck Go, then it is very likely that the search engine you are using is tracking your every move.  Search engines that value privacy and anonymity online are entering a boom following revelations of mass dragnet internet surveillance by government and business.  From The Guardian:
Gabriel Weinberg noticed web traffic building on the night of Thursday 6 June – immediately after the revelations about the "Prism" programme. Through the programme, the US's National Security Agency claimed to have "direct access" to the servers of companies including, crucially, the web's biggest search engines – Google, Microsoft and Yahoo.

Within days of the story, while the big companies were still spitting tacks and tight-lipped disclaimers, the search engine Weinberg founded – which pledges not to track or store data about its users – was getting 50% more traffic than ever before. That has gone up and up as more revelations about NSA and GCHQ internet tapping have come in.

"It happened with the release by the Guardian about Prism," says Weinberg, right, a 33-year-old living in Paoli, a suburb of Philadelphia on the US east coast. "We started seeing an increase right when the story broke, before we were covered in the press." From serving 1.7m searches a day at the start of June, it hit 3m within a fortnight.
Yet you've probably never heard of DuckDuckGo.

Florida Lawmakers May Have Made Internet Illegal

As if you needed any more evidence of the ineptitude of U.S. lawmakers, here's a story out of Florida on a lawsuit alleging that state lawmakers have inadvertently made computers and smart phones illegal in their zeal to crack down on gambling at internet cafes.  From PC Mag:
A law passed earlier this year, which was intended to crack down on illegal gambling at Internet cafes, is worded in such a way that some are concerned that it might actually allow for a ban of all smartphones and computers in the state.
A lawsuit filed by café owner Consuelo Zapata argues that, among other things, the bill "interfere[es] with the promotion of goods and services — computers with Internet access — that are used for the communication of information and ideas."
The bill in question - HB 155 - was signed in to law by Gov. Rick Scott on April 10 and bans "electronic gambling devices."

Anti-Tech Security Hysteria

When the security hysterics among us get their feathers in a bunch, the first thing they seek to do to assuage their irrational fears is to demand that the rest of us comply with their insane proposals, no matter how inimical they are to liberty, rights or even security itself.  Tech Dirt takes down a prime example of anti-tech hysteria at the Washington Post:
Every time I think I've read the least well-thought out luddite argument, someone comes along to top it, and today we have columnist Robert Samuelson in the Washington Post with what might be the silliest, most lacking-in-thought argument for why we should get rid of the internet. The short version: yes, the internet has provided us with some good stuff, but because there's a yet unproven risk that it might also lead to some cyberattacks that might lead to as yet undetermined problems, we should scrap the whole thing. Oddly, the WaPo had put different titles on the piece online and in the print newspaper. Online, it's entitled: "Beware the Internet and the danger of cyberattacks." In the physical paper, they apparently went with the much more ridiculous: "Is the Internet Worth It?" with the clear implication being a fulfillment of Betteridge's Law that the answer is "no, the internet is not worth it."

Secure Quantum Internet

Government researchers have revealed that they have been working on a cryptographically secure quantum internet for over two years.  From MIT Technology Review:
One of the dreams for security experts is the creation of a quantum internet that allows perfectly secure communication based on the powerful laws of quantum mechanics.
The basic idea here is that the act of measuring a quantum object, such as a photon, always changes it. So any attempt to eavesdrop on a quantum message cannot fail to leave telltale signs of snooping that the receiver can detect. That allows anybody to send a “one-time pad” over a quantum network which can then be used for secure communication using conventional classical communication.   . . . .

Today, Richard Hughes and pals at Los Alamos National Labs in New Mexico reveal an alternative quantum internet, which they say they’ve been running for two and a half years. Their approach is to create a quantum network based around a hub and spoke-type network. All messages get routed from any point in the network to another via this central hub. . . .

Senate Pushes Discriminatory Internet Tax Bill

From the Wall Street Journal:
As early as Monday, the Senate will vote on a bill that was introduced only last Tuesday. The text of this legislation, which would fundamentally change interstate commerce, only became available on the Library of Congress website over the weekend. . . .

For Senators curious about what they're voting on, it is the same flawed proposal that Mike Enzi (R., Wyo.) introduced in February. It has been repackaged to qualify for a Senate rule that allows Majority Leader Harry Reid to bypass committee debate and bring it straight to the floor.

Mr. Enzi's Marketplace Fairness Act discriminates against Internet-based businesses by imposing burdens that it does not apply to brick-and-mortar companies. For the first time, online merchants would be forced to collect sales taxes for all of America's estimated 9,600 state and local taxing authorities.

Beware of Government's Sock Puppet Propagandists

We're all well aware of the fact that governments and corporations routinely employ individuals to spread propaganda messages online.  But the military may soon be automating the process. From The Guardian:
The US military is developing software that will let it secretly manipulate social media sites by using fake online personas to influence internet conversations and spread pro-American propaganda.
A Californian corporation has been awarded a contract with United States Central Command (Centcom), which oversees US armed operations in the Middle East and Central Asia, to develop what is described as an "online persona management service" that will allow one US serviceman or woman to control up to 10 separate identities based all over the world.
The project has been likened by web experts to China's attempts to control and restrict free speech on the internet. Critics are likely to complain that it will allow the US military to create a false consensus in online conversations, crowd out unwelcome opinions and smother commentaries or reports that do not correspond with its own objectives.
The discovery that the US military is developing false online personalities – known to users of social media as "sock puppets" – could also encourage other governments, private companies and non-government organisations to do the same.


CISPA and the Corporate Lobby for Internet Censorship

Maplight reports that CISPA, the Cyber Intelligence Sharing and Protection Act, known to its critics as the internet censorship act, has picked up nearly three dozen co-sponsors in the US House following a corporate lobbying effort of IBM executives to their puppets in the legislature.  From Maplight:
On Monday, the same day that IBM flew nearly 200 executives to Washington D.C. to lobby Congress in support of CISPA, 35 members of the House signed onto the bill as new co-sponsors. Prior to Monday, CISPA had only 2 co-sponsors since being introduced in February.
On Tuesday, the Obama Administration issued a veto threat against the bill in its current form citing privacy concerns.
Data: MapLight analysis of reported contributions to the 35 new CISPA co-sponsors and the entire House from interest groups supporting and opposing CISPA.
  • New co-sponsors have received 37 times as much money ($7,311,336) from interests supporting CISPA than from interests opposing ($200,062).
  • Members of the House in total have received 16 times as much money ($67,665,694) from interests supporting CISPA than from interests opposing ($4,164,596).
The EFF and the ACLU have organized a campaign to defeat CISPA.  From the EFF:
CISPA is a dangerous "cybersecurity" bill that would grant companies more power to obtain "threat" information (such as from private communications of users) and to disclose that data to the government without a warrant -- including sending data to the National Security Agency.

CISPA was recently reintroduced in the House of Representatives. EFF is joining groups like ACLU and Fight for the Future in combating this legislation.  Last year, tens of thousands of concerned individuals used the EFF action center to speak out against overbroad and ineffective cybersecurity proposals. Together, we substantially changed the debate around cybersecurity in the U.S., moving forward a range of privacy-protective amendments and ultimately helping to defeat the Senate bill.

Sony Unveils World's Fastest Internet in Japan

It is widely known that in comparison with other countries, people in the United States pay more money for slower internet connections.  Yesterday, Sony unveiled the world's fastest internet in Japan. From Engadget:
Google Fiber might be making waves with its 1Gbps speeds, but it's no match for what's being hailed as the world's fastest commercially-provided home internet service: Nuro. Launched in Japan yesterday by Sony-supported ISP So-net, the fiber connection pulls down data at 2 Gbps, and sends it up at 1 Gbps.
Why is the US lagging so far behind in this important technological metric?  You know the answer: the collusion of big business and big government.  From Reuters:
The backbone of the Internet — fiber, cables, and copper wires – sounds boring. But these physical structures enable the bits and bytes that increasingly define our lives to flow to and from computers around the world. Without them, there’s no Internet. If they’re slow or outdated, they handicap our access to the digital world. Which means these boring pieces of hardware are a new battleground for access in our digital age.

In this interview, I speak with telecom policy expert Susan Crawford about the state of this backbone. She explains the technologies involved, the players who control them, and how the U.S. has already fallen well behind other developed nations when it comes to speeds and connectivity. Finally we talk about her prescription for how America can regain its preeminence — not just as the creators, but as the leaders — of the Internet.

Group Sues DHS for Info on Its Alleged Power to Shut Down Communications Networks

From Infowars:
The Electronic Privacy Information Center (EPIC) has filed a Freedom of Information Act lawsuit against the Department of Homeland Security, in response to a failure by the agency to release any documents pertaining to the “Emergency Wireless Protocols,” (Standard Operating Procedure 303 or “SOP 303”).

SOP 303 outlines exactly how the DHS would carry out a complete communications shutdown in the event of what it deemed an emergency situation.

EPIC explains in its complaint that the DHS has publicly stated that under SOP 303 an agency component “will function as the focal point for coordinating any actions leading up to and following the termination of private wireless network connections, both within a localized area, such as a tunnel or bridge, and within an entire metropolitan area.”

The DHS, led by ‘Big Sis’ Janet Napolitano, said recently that it was “unable to locate or identify any responsive records” on the matter.

Corporate Internet Usage Monitoring Regime Begins Today

From The Daily Dot:
 most U.S. Internet users will be subject to a new copyright enforcement system that could slow the Internet to a crawl and force violators to take educational courses.  A source with direct knowledge of the Copyright Alert System (CAS), who asked not to be named, has told the Daily Dot that the five participating Internet service providers (ISPs) will start the controversial program Monday. The ISPs—industry giants AT&T, Cablevision, Comcast, Time Warner, and Verizon—will launch their versions of the CAS on different days throughout the week. Comcast is expected to be the first, on Monday.
The control of the internet by big business in collusion with big government should worry everyone who believes in a free and open net.  From the Financial Times:
[Comcast's] meteoric rise in the past decade parallels the relative decline of internet service in the US. In the late 1990s the US had the fastest speeds and widest penetration of almost anywhere – unsurprisingly given that it invented the platform. Today the US comes 16th, according to the OECD, with an average of 27 megabits per second, compared with up to quadruple that in countries such as Japan and the Netherlands . . .
The FCC has been a good friend to Comcast and Time Warner Cable, the two largest cable providers that dominate US broadband. In contrast to the spread of electricity and telephones, where the US was far ahead of the rest of the world, Washington has abjured the same regulatory promotion for the internet. Through brilliantly effective lobbying, US cable companies have escaped the universal access and affordability clauses that were imposed on telecoms and electricity companies in earlier eras.


Mozilla Introduces Firefox PDF Viewer

From Mozilla:
Firefox for Windows, Mac and Linux introduces a built-in browser PDF viewer that allows you to read PDFs directly within the browser, making reading PDFs easier because you don’t have to download the content or read it in a plugin like Reader. For example, you can use the PDF viewer to check out a menu from your favorite restaurant, view and print concert tickets or read reports without having to interrupt your browsing experience with extra clicks or downloads.

IL Lawmakers Draft Bill to Prohibit Anonymity Online

Illinois Senate Bill 1614, sponsored by Sen. Ira Silverstein, from Legiscan:
Creates the Internet Posting Removal Act. Provides that a web site administrator shall, upon request, remove any posted comments posted by an anonymous poster unless the anonymous poster agrees to attach his or her name to the post and confirms that his or her IP address, legal name, and home address are accurate. Effective 90 days after becoming law.
Here is the top comment on the site:
We may have an early candidate for Worst Illinois Senate Bill of 2013.

First of all, Illinois does not have jurisdiction over the entirety of the internet. Illinois has jurisdiction over Illinois. Geographic location isn't all that important to the web hosting industry - for the most part, a datacenter in Chicago is just as good as one in, say, Dallas or Seattle. This means that the only thing this bill would actually succeed in doing is driving internet-related business (both individual online businesses, as well as the infrastructure that supports them, ie, webhosting companies and datacenters) out of the state.

Good job representing our interests there, Ira.

More importantly, though, this is plainly unconstitutional. It's absolutely embarrassing that any elected representative of US citizens would suggest that there should be a host of state-defined rules that must be met before one is allowed to exercise their first amendment right to free speech.

ISPs Want to Prevent Towns from Providing Internet Access

From Ars Technica:
Incumbent broadband providers are pushing legislation that would restrict Georgia towns from building municipal broadband networks. Under the proposal, if a single home in a census tract has Internet access at speeds of 1.5Mbps or above, the town would be prohibited from offering broadband service to anyone in that tract.

State-level restrictions on municipal broadband networks are not a new idea. Last year the South Carolina legislature passed a similar proposal with the support of AT&T. North Carolina passed similar legislation in 2011. The idea has been shot down in Indiana and a number of other states.

Municipal broadband opponents tried and failed to ban towns from building broadband networks in Georgia last year. But their case wasn't helped when AT&T's CEO said in a conference call: "we’re looking at rural America and asking, what’s the broadband solution? We don’t have one right now."

Business and Government Collude Against the Consumer

Why is internet access more expensive and why are connections slower in the US than elsewhere?  The answer is the same as for virtually every conceivable industry: because of collusion between big business and big government.  From Gizmodo:
Here, Bill Moyers interviews Susan Crawford—former special assistant to President Obama for science, technology and innovation . . . During the interview, she explains how the US government has allowed media organizations to put profit ahead of public interest—through price hikes, rigged rules and stifling competition. As she explains, "the rich are getting gouged, the poor are very often left out, and this means that we're creating, yet again, two Americas, and deepening inequality through this communications inequality."

Public Wifi Coming to a Town Near You?

From the Washington Post:
The federal government wants to create super WiFi networks across the nation, so powerful and broad in reach that consumers could use them to make calls or surf the Internet without paying a cellphone bill every month.

The proposal from the Federal Communications Commission has rattled the $178 billion wireless industry, which has launched a fierce lobbying effort to persuade policymakers to reconsider the idea, analysts say. That has been countered by an equally intense campaign from Google, Microsoft and other tech giants who say a free-for-all WiFi service would spark an explosion of innovations and devices that would benefit most Americans, especially the poor.

German Court Rules Internet Is "Essential"

From Reuters:
A German court ruled on Thursday that people have the right to claim compensation from service providers if their Internet access is disrupted, because the Internet is an "essential" part of life . . .

Governments "Threatened by Freedom and Openness of Expression" on Internet

From an interview with Vint Cerf in the Financial Post:
VC: The Internet is threatened by governments that want to control content and use of the network. All of us have gotten accustomed to freedom of expression and freedom of access to content on the net, but we have also gotten accustomed to something called permissionless innovation, which is a phrase I use to explain why it’s so important to keep the network relatively open and freely accessible. It’s so that anyone who wants to try a new application out can just do so.

We all have to appreciate that there are harms that occur on the net, no one who tells you otherwise should be believed, there’s viruses, worms, trojan horses and other kinds of technical attacks on the net turning your machine into a member of a botnet that generates spam or generates denial of service attacks or directly goes after content on your machine, there’s key loggers that go looking for passwords and account numbers. Those are bad.

The problem is that sometimes the proposed cure is worse than the disease, and in some cases it is to shut down the Internet or block websites or to interfere with our ability to make use of the system, and these harms and their remedies are used as an excuse to prevent political speech, to prevent people from sharing information from knowing what is going on, it’s to obscure transparent visibility of what the government is doing. Governments that are authoritarian are feeling threatened by the freedom and openness of expression and discovery of information on the Internet so they will use any excuse they can find to shut that network down. That’s what you’re seeing right now.

The FBI Demands Back Door Internet Surveillance

The Republican-Democrat war on the fourth amendment continues apace.  From CNET:
The FBI is renewing its request for new Internet surveillance laws, saying technological advances hinder surveillance and warning that companies should be required to build in back doors for police. 
"We must ensure that our ability to obtain communications pursuant to court order is not eroded," FBI director Robert Mueller told a U.S. Senate committee this week. Currently, he said, many communications providers "are not required to build or maintain intercept capabilities." 
Mueller's prepared remarks reignite a long-simmering debate pitting the values of privacy, limited government, and freedom to innovate against law enforcement requests that often find a receptive audience on Capitol Hill. Two days ago, for instance, senators delayed voting on a privacy bill that would require search warrants for e-mail after sheriffs and district attorneys objected.  
In May, CNET disclosed that the FBI is asking Internet companies not to oppose a proposed law that would require firms, including Microsoft, Facebook, Yahoo, and Google, to build in back doors for government surveillance. The bureau's draft proposal would require that social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail alter their code to ensure their products are wiretap-friendly.

Free Speech Online is a Human Right

From the EFF:

while the spread of the Internet has created an environment in which—in theory—anyone can be a writer, a photographer, a filmmaker, or a pundit, the reality is such that nearly half of the world's citizens access a fractured, fragmented Internet, and the threat of persecution for speaking out causes even more to censor their online speech. And the threats are increasing: Governments are ratcheting up Internet censorship, member countries of a UN body are fighting for more control of global networks, and reports of covert online surveillance abound. The Internet is great for the promotion of human rights, but human rights on the Internet are not always protected.
In a landmark 2011 report, UN Special Rapporteur on freedom of expression Frank LaRue called attention to the role of the Internet in enabling individuals the world over to exercise their rights to freedom of opinion, expression, and assembly. NGOs and governments alike have heeded LaRue's call in promoting these rights, but their fight continues as powerful forces seek to enact more control over our online actions. 
Today, on International Human Rights Day, EFF would like to take the opportunity to remind our readers that the right to free expression must be guaranteed whether we're shouting from the rooftops or from our Facebook walls.

House Votes Against UN Regulation of Internet

From The Hill:
The House on Wednesday unanimously passed a Senate resolution introduced by Sens. Claire McCaskill (D-Mo.) and Marco Rubio (R-Fla.) that calls on the U.S. government to oppose United Nations control of the Internet.

The 397-0 vote is meant to send a signal to countries meeting at a U.N. conference on telecommunications this week. Participants are meeting to update an international telecom treaty, but critics warn that many countries’ proposals could allow U.N. regulation of the Internet . . .

Rep. Anna Eshoo (D-Calif.) said both the White House and lawmakers were united against U.N. control of the Internet.  "I think that we are all very, very proud that there is not only bipartisan, but bicameral support underlying this resolution, and there is complete support across the Executive Branch of our government," she said. "In other words, the United States of America is totally unified on this issue of an open structure, a multi-stakeholder approach that has guided the Internet over the last two decades."
Now to make sure we keep control of the internet out of the hands of the House and Senate.