Six/Four: The Internet Under Cover

[InfoSec News <isn () c4i org>]

http://www.eweek.com/article2/0,3959,919681,00.asp

By Jim Rapoza
March 6, 2003 

The Six/Four System is peer-to-peer technology that makes it possible
to carry out almost any Internet activity securely and -- more
importantly, for all sorts of reasons -- anonymously. The Hacktivismo
system, or anything based on it, just may become the Internet's next
killer app.

Many who will be affected by Six/Four might use the term "killer" in
another sense of the word - from record industry executives fearing a
file sharing network where they can't see who's sharing what, to law
enforcement personnel tracking illegal activity, to oppressive
governments attempting to filter information to its citizens.

This last is the reason that Hacktivismo created Six/Four. An offshoot
of the Cult of the Dead Cow hacker group, Hacktivismo is dedicated to
preventing state-sponsored censorship of the Internet. It created the
Six/Four System, which is named for the June 4, 1989, date of the
Tiananmen Square massacre, to make it possible to access information
anywhere on the Internet and put a big hole in things like China's
Internet firewall.

eWEEK Labs evaluated a beta version of the developers edition of the
Six/Four System, which became available this week, and found that
Hacktivismo hasn't quite achieved its goals. The peer-to-peer network,
which relies on many node clients with some trusted peers that handle
routing, is understandably very small right now. Also, the Six/Four
System's capabilities are very raw.

The main application in the beta we tested was the Web proxy. Once we
set up Six/Four on a Red Hat Linux system, we were able to define our
local host as a proxy in our browser, then use the Six/Four network to
anonymously go to Web sites. The process worked much like the old
SafeWeb site.

This will be useful to those who want or, due to restrictive
governments or ISPs, need to surf anonymously. However, in its current
beta form, Six/Four will likely be too difficult for novices to
install and use effectively.

Web surfing just scratches the surface of Six/Four's capabilities. It
works with any TCP or UDP application, so a large number of
applications could use it - all it would take is a simple system call
to make use of Six/Four with messaging, collaboration, file sharing
and other applications.

And that's exactly what will make Six/Four a security problem.  
Black-hat types could use Six/Four to break into networks and systems
without fear of being tracked.

Six/Four does have some safeguards against such usage: Trusted peer
administrators must apply to Hacktivismo for a certificate that client
peer nodes will use to identify legitimate trusted peers. At that
point, trusted peers can block specific services and protocols that
may be used maliciously.

The beta of the developers edition of the Six/Four System can be
downloaded at www.hacktivismo.com. Since the application includes
munitions-level encryption to download the code, you must first state
that you are not in or a citizen of Cuba, Iran, Iraq, Libya, North
Korea, Sudan or Syria.

Also, you must select the option that says you are not on the Commerce
Department's Denied Persons list. Finally, you must select that you
are a certified patriot, which basically means you selected "No" for
all of the above.

eWEEK Labs East Coast Technical Director Jim Rapoza can be reached at 
jim_rapoza () ziffdavis com. 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.