Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Bug in Software, or Bug in Politics?

By the Epopt in News
Mon Jul 10, 2000 at 12:16:11 PM EST
Tags: Freedom (all tags)
Freedom

Wired is running a story about the fact that users of Zero-Knowledge Systems's Freedom.net privacy application can't access the FBI's web site.

Anyone running a 0-K "nym" cannot access fbi.gov. Neither 0-K nor the FBI have found the reason.


Is the FBI blocking privacy-equipped browsers from its website? Or is it a bug in Freedom.net? No one is pointing fingers; indeed, both the FBI and 0-K seem to be cooperating to find the problem. The FBI spokesbeing states, "That I'm aware of, there's no attempt to block anybody from looking at the FBI's Web page and there's no incentive for us to do it. The more people that can see that page the more we like it. That's the whole reason we have it."

A federal agent making sense? It must be a conspiracy!

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o Wired
o story
o Zero-Knowl edge Systems
o FBI's web site
o Also by the Epopt


Display: Sort:
Bug in Software, or Bug in Politics? | 19 comments (10 topical, 9 editorial, 0 hidden)
"fbi.gov" isn't a host (4.30 / 7) (#5)
by tornado on Fri Jul 07, 2000 at 09:56:35 PM EST

The referenced article says, "That's why eyebrows went up when Freedom users typed fbi.gov only to find the FBI's website just doesn't load."

Try it. fbi.gov isn't a host. www.fbi.gov is. I certainly hope the freedom.net folks have tried that.

Maybe I should email 'em


"I like [Mac OS X] significantly more than I like Windows NT, which is better than 95 or 98 in the way that smallpox is better than Ebola." -- Kyrrin

Re: "fbi.gov" isn't a host (none / 0) (#16)
by Anonymous Hero on Mon Jul 10, 2000 at 01:35:55 PM EST

The referenced article says, "That's why eyebrows went up when Freedom users typed fbi.gov only to find the FBI's website just doesn't load." [...] Try it. fbi.gov isn't a host. www.fbi.gov is. I certainly hope the freedom.net folks have tried that.

Don't you mean "http://www.fbi.gov/" which is a valid url?
</pedant>



[ Parent ]
Re: "fbi.gov" isn't a host (none / 0) (#17)
by tornado on Mon Jul 10, 2000 at 03:54:52 PM EST

While I agree that technically the user should be typing them, most browsers prepend "http://" and append "/" if you leave them off. However, I meant exactly what I said:

$ /usr/sbin/nslookup fbi.gov
Server: localhost
Address: 127.0.0.1

*** localhost can't find fbi.gov: Non-existent host/domain

$ /usr/sbin/nslookup www.fbi.gov
Server: localhost
Address: 127.0.0.1

Non-authoritative answer:
Name: www.fbi.gov
Address: 32.96.111.130

A host being non-existent (always?) makes the URL invalid.

I expect that the freedom.net folks have tried the correct URL and that the article's author left out the "www." because so many .com's do.


Does anybody here use the service in question? I'd like someone to try this just to be sure.

"I like [Mac OS X] significantly more than I like Windows NT, which is better than 95 or 98 in the way that smallpox is better than Ebola." -- Kyrrin
[ Parent ]

Re: "fbi.gov" isn't a host (none / 0) (#19)
by cesarb on Tue Jul 11, 2000 at 09:47:39 AM EST

Some browsers try adding a www. if the hostname doesn´t resolve.

[ Parent ]
lame joke (1.80 / 6) (#11)
by Anonymous Hero on Sun Jul 09, 2000 at 10:43:05 PM EST

Am I the only one who finds the company name "Zero Knowledge Systems" hilarious? Hehe. Yeah, I know it is supposed to mean privacy or something, but to me it sounds like they don't know what they're doing!

Imaginary Phone Call to ZKS tech support:

Me: Hi, I need to know if your program runs on Linux...
Them: Huh? I don't know.
Me: You know, your "Freedom" program.
Them: Who is this? I don't know what you are talking about.
Me: This IS Zero Knowledge Systems, isn't it?
Them: Where am I? What is going on? I can't remember!

I wonder if their advertising slogan is - "We know nothing." Hehe Well, at least they are up front about it.

client expose (3.00 / 2) (#12)
by pooge on Mon Jul 10, 2000 at 02:18:27 AM EST

this is a problem i find quite often in accessing websites through 'non-traditional' clients. programming parsing interfaces using LWP/Perl or other self built clients cause some servers to reject requests. for example trying to access ETOYS.com using LWP will not allow access because the client in not a trad. flavor netscape, ie, mozilla, etc. so it seems to me sites who have had attacks, either script kiddies, or full fledged, have restricted client access to something more predictable. my 2 cents

Re: client expose (4.50 / 2) (#13)
by ejf on Mon Jul 10, 2000 at 08:56:03 AM EST

Hmm.

If any website restricts access on basis of the Client-identifier sent with each request to actually increase security, they are just one thing : plain dumb. One of the easiest things to do is just to change that Header. LWP can do it, Lynx can do it, squid can do it, any text-editor can do it. Security through obscurity is no security at all.

Of course, make that point clear to those PHB´s.


--- men are reasoning, not reasonable animals.
[ Parent ]
I'm not sure (4.00 / 1) (#14)
by Rasputin on Mon Jul 10, 2000 at 09:46:17 AM EST

It wouldn't surprise me that the FBI is blocking people using 0-K nym's, but it also wouldn't surprise me to find out they're doing something silly that unintentially blocks them.

I saw the other comment that included quotes accusing the FBI of doing the blocking intentionally, but I would need a little more confirmation to be sure. I guess the question is, does anyone else know of any substantiating information?
Even if you win the rat race, you're still a rat.

Re: I'm not sure (none / 0) (#15)
by zavyman on Mon Jul 10, 2000 at 01:08:10 PM EST

This is exactly right. More than anything else, this is probably an unintentional result of some system they have installed. There would be no reason to do the blocking, and futhermore, this would not be good for their public relations.

Empty speculation has rarely done anyone good, and can be just as harmful as blatant rumor. Give the FBI a little bit of credit here. Why would they want to deny access to a public web site. I could see this happening if they were to access some of the other systems around fbi.gov, but not the web site.

[ Parent ]

Should be easy to find the reason. (none / 0) (#18)
by AftanGustur on Tue Jul 11, 2000 at 04:33:00 AM EST

So, what's the difficulty in finding the problem ? I do this every day, (well maby not every day but it's a part of my job and those things do happend from time to time).

Her's how to find out what's happening.

1) Install this 'nim' software on a windows machine, let's call it W

2) Verify that you *can't* reach www.fbi.gov.

3) Make a request to a webserver you control and, watch the traffic (there is a undocumented switch -D in tcpdump that gives you the tcp payload in plain text).

4) using ncat,wget or telnet craft a similar request, at you saw in (3) to fbi.gov's webserver.

5) if (4) didn't work, well, then you know that one of the attributes of the requests is to blame, cookie, referer, browser version etc ...

6) If (4) *did* work, then there are 2 possibilities.
   a) fbi.gov is giving zeroknowlidge's prox servers a special
   "threatment".
   
   b) There is a bug in the 'nim' software, use netcat to serve
   FBI's complete HTTP response from your own server.
   This does not guaranty that you will find it, but you just
   *might*.
   And if you do, well, then you have found it.

p.s. www.fbi.gov works just fine with my JunkBuster enabled Netscape, on my Linux box.

Bug in Software, or Bug in Politics? | 19 comments (10 topical, 9 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest © 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!