Proxy Sites Offer Secret Passage to Myspace

JafSquared writes "As sites like MySpace.com gain popularity in young adults, schools all over are finding that taking measures to keep kids blocked out of these websites is becoming increasingly difficult. As this hype continues, proxy servers such as "Box of Prox" are springing up like wildfire. While system admins furiously work to diminish the strain placed on their school's local networks from sites like MySpace, these proxy sites are enabling easy access to restricted areas. However, schools aren't the only places that are feeling the heat. Proxies have also been becoming a bit of a complication in the workplace. To the more advanced user, the proxy server can become a tool for malicious intent as this article, delivering an anecdote with the termination of an employee, so poignantly details."

Proxies?

[Goaway (82658)]

Wow, Slashdot sure is on the CUTTING EDGE of TECHNOLOGY NEWS!

Re:Proxies?

[onebuttonmouse (733011)]

This isn't flamebait. Proxies have been a problem for years and years, the advent of web two-point-oh does not have any bearing on the problem.

Re:Proxies?

[by Anonymous Coward]

no but schools network ADmins are certianly pretty incapable of doing their job if they are not using a whitelist instead of a blacklist.

Have only a list of acceptable sites. when blocked put a link to submit for approval and teachers in the class or room can click on the link they wanted, view that it is not a backdoor to myspace or someplace inappropriate and then click "allow" which add's it to the whitelist.

simple works great and has near immediate access to sites not on the whitelist.

Too bad most scho

Re:Proxies?

[deblau (68023)]

Or, proxies have been the solution for years and years. Depends on which side of the table you sit.

Re:Proxies?

[kbox (980541)]

I don't know why hes post has been modded as troll, He has a point.
No wonder digg is getting more hits than slashdot now.

What with last weeks post about installing windows, and now this one "informing" us about proxy sites slashdot seem to be posting very trivial things now, Hardlly the cutting edge tech news site it used to be.

Re:Proxies?

[timeOday (582209)]

slashdot seem to be posting very trivial things now, Hardlly the cutting edge tech news site it used to be.

I can hardly imagine all the amazing stuff we must be missing out on, so why don't you go ahead and post some cutting edge tech news stories?

Lurk moar.

[Ayanami Rei (621112)]

Here's why you got modded down:

You gave an opinion about a Mac.
You never give opinions about Macs on slashdot (or really any forum). EVER.

There are two main camps:

1) Those who believe Macs are the saviors of all computing and Apple can do no wrong.
2) Those who think that Mac users are 'fags' and are stupid for wasting their money.

Even if you have a rational opinion, a person with moderation points from one group will lump you into the other group, and thus mod you down on principle.

Sorry, but that's how it

Do we have a war on social networking yet?

[Spazntwich (208070)]

I'm just waiting for more fallacious appeals to emotion in the fight against kids talking to one another.

Do politicians even consider how ridiculous their arguments are? Why, ghettos have become a haven for drug dealers, prostitutes, and other nerdowells! Do we ban ghettos? No, I believe parents simply teach their kids about the dangers of going there, and before they're old enough to understand that, the parents simply don't allow them to go there.

It's sad how human ignorance comes back with a vengeance with the emergence of any new technology or tool, without fail.

Re:Do we have a war on social networking yet?

[namityadav (989838)]

If school admins try to block sites that kids just HAVE to get to, then the kids will find a way to do so (Hint for Kids: Read about SSH / VPN). And once they know that they've found a way to bypass the school security, their curious minds would want them to check if they can now access porn this way too. The point that I am trying to make here is that the more freedom you try to take away, the more you're encouraging them to break the rules. I, for one, am happy that this will make at least a certain percentage of the kids aware of proxies, private networks etc. It's time that those nerds get to have some 'coolness' factor about them.

Re:Do we have a war on social networking yet?

[FireFury03 (653718)]

Hmm...while I'd guess most schools firewalls (if they have them) would probably by default in most cases have most ports open.

Wrong. I used to do network security for schools - they are *really* paranoid (mainly coz if little Johnny's parents find out he's surfing porn at school it generates a helluva lot of bad press for the school in question). Most schools are rather overzealous with the firewall rules.

I'd guess that most any school, like a business would have ports 80, 443

Most schools use web proxies

Re:Do we have a war on social networking yet?

[timeOday (582209)]

before they're old enough to understand that, the parents simply don't allow them to go there.

Which is exactly what they're trying to do. Stories like this inform parents that establishing those boundaries is harder than they thought.

Re:Do we have a war on social networking yet?

[Mr2001 (90979)]

By your comments I would guess that you are in the age group affected. IM or for that matter updating myspace while in school is the equivalent of passing notes which as long as I've been in school wasn't allowed, being a "new technology or tool" has nothing to do with it. I find it hillarious when kids think their rights are being impinged because they can't do whatever they want while at school. Is it so hard to wait until your home to chat with your "friends"?

When I was in high school, we were allowed to

Internet @ School

[toochoos (991616)]

I wonder why kids have internet access at school. Do someone really want them to have ADHD since childhood? Aren't they supposed to learn something while they sit in waiting to be online back home?

Re:Internet @ School

[Rachel Lucid (964267)]

It's like breakfast in the cafeteria; it's meant to be a proxy for a good upbringing at home.

Myself, I probably used the internet to a lot of its potential at school, but only because I blogged from it...

What?!?!?!

[Belial6 (794905)]

What does the internet have to do with ADHD? Ohhhh... That's right. Anything we don't like kids doing must cause ADHD.

Re:What?!?!?!

[Trepalium (109107)]

Indeed. I hear that rock and roll music, comic books, and video games all cause ADHD.

Re:What?!?!?!

[myowntrueself (607117)]

Ohhhh... That's right. Anything we don't like kids doing must cause ADHD.

You've hit the nail on the head; it is the 'not liking kids doing anything' that causes ADHD.

Re:Internet @ School

[CAIMLAS (41445)]

Public schools haven't been fashioned to instruct children facts and how to learn for decades, and things are just culminating to the point where they've stopped pretending to do so.

No, the order of the day at public schools is social compliance through political correctness. Bad grades aren't handed out, but you are publicly chastized for not doing well (ie, towing the line).

Re:Internet @ School

[pete6677 (681676)]

That's because the CEO of that service company donates a lot to some senator, therefore state business has to be directed to his company. Nevermind that it takes money from the children's education.

welcome to 1995?

[hsmith (818216)]

How is this news? People have been using proxies forever to get around blocks.

Re:welcome to 1995?

[by Anonymous Coward]

better news would have been to mention anonet [anonet.org] since its vpn based it can transverse 99% of firewalls, not for malicious activity but to stop network admins spying on what you do, with the ability to use with randomly assigned ip addresses its also a great way to connect home to work securly.

Re:welcome to 1995?

[Ecks (52930)]

The case, of hiding your web travels while at work, was mentioned in this article [pcworld.com] which was cited in the post.

I recently had an employee, an MIS employee at that, fired. He was using Anonymizer at work. We have a tracking system (Web Inspector) and I kept noticing that he was leaving no tracks.
I consulted with my supervisor and he decided that I should analyze the employee's system. I found footprints, hacking, and a batch file he...

You'll note that, though the company did find out where their fire

MySpace.com IS created to get into young adults

[by Anonymous Coward]

As sites like MySpace.com gain popularity in young adults ...

The last time I was in a young adult, I know I certainly gained popularity.

Needs more attentive blocking.

[celardore (844933)]

It is possible to filter out these sites with a little more work. For example, my company blocks any url that contains 'proxy'. It also filters most proxy sites that you can find on Google.

Also, if an admin notices they're getting a load of traffic to say http://surfinsecret.com/index.php?q=d3d3Lm15c3BhY2 UuY29t&hl=1111101001 [surfinsecret.com] then they could just visit that link, see what it was and block away.

I got around it by installing my own copy of phpproxy on my server and use it infrequently for certain sites. There's a lot of traffic to my domain anyway because I run an application my department uses on there, so it's fairly safe for me.

Next it will be SSH tunneling...

[martinultima (832468)]

My school district already hates me, just because I was using a VNC connection over an SSH tunnel to work on some stuff at home (yes, this was for a school project). For whatever reason they thought I was trying to access banned sites... funny thing is, I don't even like MySpace. Or any of those sites.

A new dawn for the Internet

[by Anonymous Coward]

The next internet is already being implemented by hobbyists, idealists and realists. There are those who want information to be free, those who want the Big Government(TM) to keep their hands off, those who feel that it's time to take the 'net back. These people are like you and me: they are tired of reading about the latest threats made by the RIAA/MPAA to bend laws to their twisted will. They are tired of knowing that bills introduced by the government to Combat $concept(TM) will be abused by special inte

Not really a new problem

[onebuttonmouse (733011)]

When I was in school (5 years ago), schools were trying to block well known proxies, but were unsuccessful at blocking those of us with 'home brewed' proxy servers. This wasn't really such a problem, because the policy was "get caught looking at sites x, y or z and you lose your computer privileges", why does this approach not work with advent myspace et al?

Proxies aren't such a big deal anyway, I worry more about the possibility of a savvy user with a bootable USB flash drive and OpenVPN.

Re:Not really a new problem

[Maestro4k (707634)]

When I was in school (5 years ago), schools were trying to block well known proxies, but were unsuccessful at blocking those of us with 'home brewed' proxy servers. This wasn't really such a problem, because the policy was "get caught looking at sites x, y or z and you lose your computer privileges", why does this approach not work with advent myspace et al?

Because before the first month of school was over with nearly every student in the school would have lost computer privileges. Kids are so fucking d

Strain on networks?

[b0s0z0ku (752509)]

Set up a bandwidth-shaping/QoS-type system that guarantees certain computers (office computers, presentation boxes in classrooms) a certain bandwidth. The other computers can share the scraps from this. In order to prevent hogging of the scraps, also set up a system where the remaining bandwidth is doled out more or less equally to those who need it. With routers running Linux, this should be less difficult than it seems.

Blocking sites is a half-assed solution since students will always find a way to expend bandwidth. (Personally, I think that the 'net doesn't need to be in classrooms anyway. I went to HS from 1993 to 1997 and survived just fine without going online in school.)

-b.

Restrictions are evolutionary pressure

[Gopal.V (532678)]

The average kid in school, thinks proxies and mucking around with computer stuff are the realm of nerds, sitting in their parents' basement typing away, creating a pathetic online world to compensate for the real one upstairs.

But the moment, you introduce blockades to access to a "cool" thing like myspace or facebook, these talents become valuable in terms of utilization. More kids learn these, use these and try to out-do the other in terms of l33tness. If there aren't the artificial boundaries drawn by the authorities, these skills would have never been learnt, developed and hopefully put to good use in the future.

Whatever they block these with, they just raise the bar for the kids. Clever, curious and with the power of the rest of the internet behind them ... there's nothing that's totally blocked off. Probably threats to those who break the security and offer real world punishments maybe, but blocking it all is impractical. Of course, then there are those who prefer forbidden fruit to the ones in the fridge, for the momentary thrill of breaking some rules.

I remember breaking the proxy at a college where I was giving a talk. All I did was ssh -D 8080 into my box and bypassed the "security" of the campus network. But I did that by unplugging the monitor cable, running ssh and plugging the monitor back on in under 2 minutes.And lo, meebo.com suddenly worked. The kids thought I was some great genius or something. THat kind of ego-rush to a 17 year old teenager can drive them to do far more than just break firewalls to get kudos from their peers.

These kind of restrictions just favour the kids who learn to use the system, instead of just fighting it on the streets like the average politico.

I used to run one of these.

[jb.hl.com (782137)]

For the purposes of myself (who at first just wanted to play sudoku at WebSudoku...) and others in my class at college (who wanted MySpace) I set up a CGIproxy on my webspace. A few months later, it had to be removed; for a start, because even when password-protected, the thing sucked up about 50% of the CPU time on the (shared) server on which it was located. In the end me and my classmates were a minority, it was mostly others using it (I did get a very nice email from a US Marine in Iraq asking for the password... I wasn't horrible enough to say no :) I kinda pity the people who do the same thing, set up a proxy for their own personal use and watch it get used by just about everyone and their dog.

What's so difficult?

[skinfitz (564041)]

Install DansGuardian [dansguardian.org] into your Squid proxy (what do you mean you don't use Squid..?)

Add to /etc/dansguardian/bannedphraselist:

' MySpace.com. All Rights Reserved.' (changing the ' for angle brackets)

Re:What's so difficult?

[skinfitz (564041)]

I use squid's bandwidth buckets to tarpit access to 'web contraband' like .swf files and can whitelist legit sites if needed.

Recent Joyous Discovery

[Balthisar (649688)]

Despite years of fiddling with my own home networks and hearing about ssh tunnelling, I'd never set up an ssh tunnel and never "got" the reasons for it. That's changed recently, and now I'm a convert. I know this is basic crap among most of the /. crowd, but here's how I can anonymously surf at work:

I have Proxomitron at work to get through the firewall. It acts as a local proxy server, and works with our something-Point firewall. It seems like only ports 80 and 23 are open. No port 22 for ssh, and no ports for email.

Using puTTY configured to look at the local proxy server, I establish the appropriate ssh tunnels to my Linux box at home. I don't know why this works, so any explanation would be cool. I'm using port 22 via the Proxomitron local http proxy over the corporate http proxy to my plain vanilla Linux box. Fscking mystery to my how it works, but it does. Setting up puTTY to work directly with the company firewall doesn't work, and I have no idea why. Proxomitron is required.

Of course now with all the right tunnels, I can use FireFox on my Linux box or even Safari on my Mac (if I leave it on) via VNC, and I have instant anonymous surfing. Yeah, I know I'm using a helluvalot of bandwidth, and I generally don't need or do any anonymous surfing anyway.

So, what's my traffic look like to my company IT boys for my interesting setup? I'm assuming that my secure ssh connection doesn't let anyone know what I'm doing over ssh; that's the point. But yet I have this traffic flowing out of Port 80 to Port 22 somehow, and it's either little tiny bursts when I'm working in bash, or it's a bandwidth hog if I'm using SAMBA or VNC over the connection.

-----
The whole initial point of the excercise was to talk to my MythTV box while on the road. All I wanted to do was ssh in to check my RAID status. I also had all kinds of ports open on my router so I could http into MythWeb, and Webmin, and MythStream, and SMB, and the router itself, and ftp, and generally a big mess. Now all I need is my single ssh port, and I'm good for everything without all of those open doors. At work I use puTTY, at the hotel I've got my iMac (remind myself to look for an ssh tunnel control panel so I don't have to keep using the shell).

Even with ssh, I'm subject to brute force attack, right? Wasn't there something like a magic knock I can setup so that I ping a certain sequence of ports in the right order, my ssh port opens up, otherwise being closed? Probably won't work for me, as I have a proprietary hardware router...

Re:Recent Joyous Discovery

[by Anonymous Coward]

It sounds like the firewall admins at your work are taking it pretty easy.....

Checkpoint (and any 'decent' firewall these days) has the ability to do protocol inspection and enforcement of things like HTTP and if the admins at your work either upgrade to an appropriate version of Checkpoint or simply enable the protocol inspectoin (if already running appropriate code) they can easily enable the function to stop you doing what your're doing.

...which then means you have to try to tunnel your traffic

Why I plan to homeschool my kids

[MikeRT (947531)]

Half of what I learned in high school, actually probably 2/3-3/4 of it, I learned online at school or on my own time. A lot of the stuff that I read was at one point or another restricted, like a lot of libertarian stuff (including the party site) was restricted because it advocated drug use.

That's how the pea-brained morons that make most filtering software think. Yet a friend of mine would pull up porn sites like pink.com (back in the day) and laugh about it.

I have been out of college for 6 months and so am young enough to remember high school life. It was a waste of my time. I plan to homeschool my kids because they shouldn't have to "fight the system" to get anything interesting out of it.

Re:Why I plan to homeschool my kids

[4D6963 (933028)]

So... you want to homeschool your kids.. because of filtering software at school?

Are you fucking kidding? Going to school is about having a social life and being thaught things by professional teachers, nobody gives a fuck about whatever site the school can filter, actually if the school you'd want to put your kids in had not a single computer, that would be just fine.

How silly can you be to take a decision that heavy of consequences for your hypothetical kids based on such an insignifying detail? I hope I

news?

[Lord Ender (156273)]

1997 called. They want their story back.

Seriously, I can't be the only one here who wrote a CGI proxy server so that I can get around censorware (like BESS) while in high school. I even sold access to it to my fellow students!

Code is simple:

# fetch the url specified after the "?"
# prepend the url of the proxy to all link tags
# print the page out to the user

So all you have to do is run apache with this CGI from home, and you never have to worry about censorware again.

Huh? Poignant?

[93 Escort Wagon (326346)]

"To the more advanced user, the proxy server can become a tool for malicious intent as this article, delivering an anecdote with the termination of an employee, so poignantly details.""

The part about the firing was short and rather matter-of-fact. Where, exactly, was the poignancy [m-w.com]?

In the words of a famous Spaniard, "I do not think it means what you think it means."

Whitelisting is the necessary answer

[Nom du Keyboard (633989)]

Schools and others who wish to restrict access need to start whitelisting allowed sites, rather than blacklisting prohibited ones. Yes it's a lot more work to whitelist a thousand useful resource sites rather than blacklist MySpace. However, if the schools work together on a single system they can spread out the burden sufficiently. Otherwise it's just a game of Wack-a-Mole.

Filter Complainer

[Deviant Q (801293)]

Just this last year, our school introduced an extremely-restrictive proxy that would often block legitimate research sites (as well as all the fun ones.) In addition to finding a few workarounds (ping to get IP address, use that instead; google translation; etc.), I wrote a happy little program that I distributed throughout the computer lab.

What did this program do? It ran in the background, monitoring Internet Explorer's address bar (couldn't find a nice API for Firefox, but mozilla.org was blocked anyway). When it detected that the proxy had taken over (http://www.lghs.net?blockedsite=mozilla.org&reaso n=ADULT-CONTENT), it sent a nice little email to the IT guy. It was very polite, just saying a sentence or two about how I believe site.com had been added to the filter list in error and I would request its removal. Multiply that by every blocked site ever visited, though... :-D.

(Yes, I know it's probably not moral to use school computers for this. Yes, I know he could have created an email filtering rule to send the messages to the trash. I liked it, and so did the users. *Shrug*.)

Bullshit article

[hyrdra (260687)]

From TFA:

I recently had an employee, an MIS employee at that, fired. He was using Anonymizer at work. We have a tracking system (Web Inspector) and I kept noticing that he was leaving no tracks.

I consulted with my supervisor and he decided that I should analyze the employee's system. I found footprints, hacking, and a batch file he used to delete all Internet traces. So I sent the system off to forensics and they found all the bits, each and every one. We're now in legal limbo. The employee is being fired, not for the hacking or the batch file, but for using the Anonymizer.

Thought maybe you'd be interested in hearing about the dangers of using the Anonymizer in the workplace. They claim the Anonymizer hides your tracks at work--but I guess not all of them.
--Name Withheld, Network and Computer Systems Administrator

Anyone who reads that from this so called "Network and Computer Systems Administrator" will be seriously scratching their head. First, they used a tool from the same people that make Webwasher pseudo-ware. This software basically looks for HTTP GET requests and prepares a report. Then he mentioned they found evidence of a leet batch file, "footprints", whatever those are, and of course this employee of theirs was some leet uber hacker going to deploy the latest and greatest worm on their network of poorly secured network running some sort of automated intrusion detection ware.

Then he ships the system off to Forensics (what company has a Forensics department I don't want to work at) and they were able to find all the bits, maybe even some bytes. When it came down to it, the company supposedly terminated the employee for using an online anonomyizer service, assuming they couldn't prove he was using it to break company policy.

If this story is true, which I highly doubt based upon the anecdotal evidence of this so called "Network and Computer Systems Administrator" they should have fired none other than this dumbass. Bullshit article.

Re:Well...

[jZnat (793348)]

Not a very viable solution for teens at school.

Students vs. Public Schools

[Rachel Lucid (964267)]

A lot of the problem is that the kids are often just plain smarter than the school's sys admins. Back in my high school, there was a really popular rom collection that the admins couldn't get out of the system because when they tried to (via wiping the system or otherwise), someone would just restore it from their copy of the roms. Eventually it got to the point where if it was a certain amount of time before class, the admins just looked the other way while kids played Super Mario 3 and Adventure Island.

Tr

Re:Students vs. Public Schools

[CastrTroy (595695)]

I think the problem is, is that apart from creating a whitelist of sites (which is a pretty crappy way of using the Internet), there's no way to really keep kids off of sites you don't want them to see. You can't blacklist all the bad stuff, and once something is encrypted, the firewall would be very bad at filtering anything out. It may be a lack of knowledge, but it's also the lack of a solution. I don't know why they need internet except on certain computers anyway. When I was in high school, we had

Re:Students vs. Public Schools

[by Anonymous Coward]

You had your grading, scheduling, and payroll systems on the same local network as the student lab computers? Sheesh.

I'm not the grandparent but I can respond to this. The way most K-12 systems are setup this is largely unavoidable. All computers are on one network within each school building. I know in the system I worked for most schools had one router and a class C of address space. The Internet access was provided by the state, and all sites ran through central office and through a firewall there

Opt-in, not opt-out

[kripkenstein (913150)]

There are always proxy sites [...] They will find a way no matter what

I agree completely. Schools are stupid if they think they can prevent access to Myspace and other sites in this way.

The way to do this would be the exact opposite - not a list of banned sites, but a list of allowed sites. If you want school PCs to be limited to school activities, that would be the way to go. Of course, this would seriously limit the kids' ability to do legitimate research online.

So really there is no good solutio

Re:Security

[generic-man (33649)]

For Yahoo Messenger and other IM programs, there are JavaScript clients like Meebo [meebo.com] that have garnered a good reputation for being trustworthy. (How do you know it's secure? You don't, of course, but you don't do anything secure over IM anyway)

Similarly, it's only a matter of time before the MySpace cottage industry cranks out a few JavaScript programs to read and reply to MySpace messages, post to blogs, and whatever other services MySpace offers.

Re:host

[jb.hl.com (782137)]

That's no reason to blame MySpace. By the same token, MySpace users could say that Slashdot's either full of egotistical nerds or people with delusions of knowledgability...

Re:MySpace is bad

[drsquare (530038)]

It is a corporate website that allows users to violate every standard of web design without having to know a lick of code or even html. The user pages are downright painful to attempt to decipher at times, and there is usually some horrible music playing in the background that is difficult (if not impossible) to stop. The fact that it is used for criminal activity only adds to the collective distaste.

Other than the background music, you're describing slashdot.