Kid Safe Web Terminal?
Somehow I doubt it! I see this stuff all over town. Every place that is for kids has a computer. I wonder if they are all on the same botnet!
Why is Linux safer than Windows? Because linux-tpreter hasn't been updated. That is always a favorite joke I hear among the community. Today with the update of Metasploit 4.2, I saw a module that I had always meant to check out: Post Sudo Upgrade on a shell.
Thanks to this module by todb, post/multi/manage/sudo, getting privilege escalation on an Ubuntu host is point, click, pwn!
Got Root?
Yup!
Tomorrow, January 18th, 2012, Wikipedia is going dark in protest of SOPA, or the Stop Online Piracy Act. Here is a snapshot of the Wikipedia page, since many people tomorrow will be wondering what this SOPA thing is and Wikipedia will be offline!
I did not receive Wikipedia's permission so I guess this could be a violation of SOPA. Anyone who links to this page would be in violation as well! Damn it feels good to be a gangsta!
Full title | "To promote prosperity, creativity, entrepreneurship, and innovation by combating the theft of U.S. property, and for other purposes." —H.R. 3261[1] |
---|---|
Acronym | SOPA |
Colloquial name(s) | House Bill 3261 |
The Stop Online Piracy Act (SOPA), also known as House Bill 3261 or H.R. 3261, is a bill that was introduced in the United States House of Representatives on October 26, 2011, by House Judiciary Committee Chair Representative Lamar Smith (R-TX) and a bipartisan group of 12 initial co-sponsors. The bill, if made law, would expand the ability of U.S. law enforcement and copyright holders to fight online trafficking in copyrighted intellectual property and counterfeit goods.[2] Presented to the House Judiciary Committee, it builds on the similar PRO-IP Act of 2008 and the corresponding Senate bill, the PROTECT IP Act.[3]
The originally proposed bill would allow the U.S. Department of Justice, as well as copyright holders, to seek court orders against websites accused of enabling or facilitating copyright infringement. Depending on who makes the request, the court order could include barring online advertising networks and payment facilitators from doing business with the allegedly infringing website, barring search engines from linking to such sites, and requiring Internet service providers to block access to such sites. The bill would make unauthorized streaming of copyrighted content a crime, with a maximum penalty of five years in prison for ten such infringements within six months. The bill also gives immunity to Internet services that voluntarily take action against websites dedicated to infringement, while making liable for damages any copyright holder who knowingly misrepresents that a website is dedicated to infringement.[4]
Proponents of the bill say it protects the intellectual property market and corresponding industry, jobs and revenue, and is necessary to bolster enforcement of copyright laws, especially against foreign websites.[5] They cite examples such as Google's $500 million settlement with the Department of Justice for its role in a scheme to target U.S. consumers with ads to illegally import prescription drugs from Canadian pharmacies.[6]
Opponents say that it violates the First Amendment,[7] is Internet censorship,[8] will cripple the Internet,[9] and will threaten whistle-blowing and other free speech actions.[7][10] Opponents have initiated a number of protest actions, including petition drives, boycotts of companies that support the legislation, and planned service blackouts by major Internet companies scheduled to coincide with the next Congressional hearing on the matter.
The House Judiciary Committee held hearings on November 16 and December 15, 2011. The Committee was scheduled to continue debate in January 2012.[11]
The bill would authorize the U.S. Department of Justice to seek court orders against websites outside U.S. jurisdiction accused of infringing on copyrights, or of enabling or facilitating copyright infringement.[4] After delivering a court order, the U.S. Attorney General could require US-directed Internet service providers, ad networks, and payment processors to suspend doing business with sites found to infringe on federal criminal intellectual property laws. The Attorney General could also bar search engines from displaying links to the sites.[12]
The bill also establishes a two-step process for intellectual property rights holders to seek relief if they have been harmed by a site dedicated to infringement. The rights holder must first notify, in writing, related payment facilitators and ad networks of the identity of the website, who, in turn, must then forward that notification and suspend services to that identified website, unless that site provides a counter notification explaining how it is not in violation. The rights holder can then sue for limited injunctive relief against the site operator, if such a counter notification is provided, or if the payment or advertising services fail to suspend service in the absence of a counter notification.[12]
The bill provides immunity from liability to the ad and payment networks that comply with this Act or that take voluntary action to cut ties to such sites. Any copyright holder who knowingly misrepresents that a website is dedicated to infringement would be liable for damages.[4] The second section increases the penalties for streaming video and for selling counterfeit drugs, military materials or consumer goods. The bill would increase the penalties for unauthorized streaming of copyrighted content and other intellectual property offenses.[12]
At the end of October co-sponsor Representative Bob Goodlatte (R-VA), chairman of the House Judiciary Committee's Intellectual Property sub-panel, told The Hill that SOPA is a rewrite of the Senate's bill that addresses some tech industry concerns, noting that under the House version of the legislation copyright holders won't be able to directly sue intermediaries like search engines to block infringing websites and would instead need a court's approval before taking action against third parties.[13]
According to Rep. Goodlatte, "Intellectual property is one of America's chief job creators and competitive advantages in the global marketplace, yet American inventors, authors, and entrepreneurs have been forced to stand by and watch as their works are stolen by foreign infringers beyond the reach of current U.S. laws. This legislation will update the laws to ensure that the economic incentives our Framers enshrined in the Constitution over 220 years ago—to encourage new writings, research, products and services— remain effective in the 21st century's global marketplace, which will create more American jobs."[14]
Rights-holders see intermediaries—the companies who host, link to, and provide e-commerce around the content—as the only accessible defendants.[15]
Sponsor Rep. John Conyers (D-MI) said, "Millions of American jobs hang in the balance, and our efforts to protect America's intellectual property are critical to our economy's long-term success."[14] Smith added, "The Stop Online Piracy Act helps stop the flow of revenue to rogue websites and ensures that the profits from American innovations go to American innovators."[14]
The Motion Picture Association of America (MPAA) representative who testified before the committee said that the motion picture and film industry supported two million jobs and 95,000 small businesses.[16]
Pfizer spokesman John Clark testified that patients could not always detect cleverly forged websites selling drugs that were either mis-branded or simply counterfeit.[17]
RxRights, a consumer advocacy group, issued a statement saying that Clark failed "to acknowledge that there are Canadian and other international pharmacies that do disclose where they are located, require a valid doctor's prescription and sell safe, brand-name medications produced by the same leading manufacturers as prescription medications sold in the U.S."[18] They had earlier said that SOPA "fails to distinguish between counterfeit and genuine pharmacies" and would prevent American patients from ordering their medications from Canadian pharmacies online.[19]
Bill sponsor Smith accused Google of obstructing the bill, citing its $500 million settlement with the DOJ on charges that it allowed ads from Canadian pharmacies, leading to illegal imports of prescription drugs.[6] Shipment of prescription drugs from foreign pharmacies to customers in the US typically violates the Federal Food, Drug and Cosmetic Act and the Controlled Substances Act.[20]
On TIME's Techland blog, Jerry Brito wrote, "Imagine if the U.K. created a blacklist of American newspapers that its courts found violated celebrities' privacy? Or what if France blocked American sites it believed contained hate speech?"[21] Similarly, the Center for Democracy and Technology warned, "If SOPA and PIPA are enacted, the US government must be prepared for other governments to follow suit, in service to whatever social policies they believe are important—whether restricting hate speech, insults to public officials, or political dissent."[22]
Laurence H. Tribe, a Harvard University professor of constitutional law, released an open letter on the web stating that SOPA would “undermine the openness and free exchange of information at the heart of the Internet. And it would violate the First Amendment.”[7][23]
The AFL-CIO's Paul Almeida, arguing in favor of SOPA, has stated that free speech was not a relevant consideration, because "Freedom of speech is not the same as lawlessness on the Internet. There is no inconsistency between protecting an open Internet and safeguarding intellectual property. Protecting intellectual property is not the same as censorship; the First Amendment does not protect stealing goods off trucks."[24]
According to the Electronic Frontier Foundation, proxy servers, such as those used during the Arab Spring, can also be used to thwart copyright enforcement and therefore may be outlawed by the act.[25]
John Palfrey, co-director of the Berkman Center for Internet & Society, expressed disagreement with the use of his research findings to support SOPA. He wrote that "SOPA would make many [DNS] circumvention tools illegal", which could put "dissident communities" in autocratic countries "at much greater risk than they already are". He added, "The single biggest funder of circumvention tools has been and remains the U.S. government, precisely because of the role the tools play in online activism. It would be highly counter-productive for the U.S. government to both fund and outlaw the same set of tools."[26]
Marvin Ammori has stated the bill might make The Tor Project illegal. Funded by the State Department, the Tor Project creates encryption technology used by dissidents in repressive regimes (that consequently outlaw it). Ammori says that the US Supreme Court case of Lamont v. Postmaster General 381 U.S. 301 (1965) makes it clear that Americans have the First Amendment right to read and listen to such foreign dissident free speech, even if those foreigners themselves lack an equivalent free speech right (for example under their constitution or through Optional Protocols under the United Nations International Covenant on Civil and Political Rights).[27]
Opponents have warned that SOPA would have a negative impact on online communities. Journalist Rebecca MacKinnon argued in an op-ed that making companies liable for users' actions could have a chilling effect on user-generated sites such as YouTube. "The intention is not the same as China’s Great Firewall, a nationwide system of Web censorship, but the practical effect could be similar", she says.[28] The Electronic Frontier Foundation (EFF) warned that websites Etsy, Flickr and Vimeo all seemed likely to shut down if the bill becomes law.[29] Policy analysts for New America Foundation say this legislation would enable law enforcement to take down an entire domain due to something posted on a single blog, arguing, "an entire largely innocent online community could be punished for the actions of a tiny minority."[30]
Additional concerns include the impact on common Internet functions such as linking or accessing data from the cloud. EFF claimed the bill would ban linking to sites deemed offending, even in search results[31] and on services such as Twitter.[32] Christian Dawson, Chief Operating Officer (COO) of Virginia-based hosting company ServInt, predicted that the legislation would lead to many cloud computing and Web hosting services moving out of the US to avoid lawsuits.[33] The Electronic Frontier Foundation has stated that the requirement that any site must self-police user generated content would impose significant liability costs and explains "why venture capitalists have said en masse they won’t invest in online startups if PIPA and SOPA pass."[34]
Proponents of the bill countered these claims, arguing that filtering is already common. Michael O'Leary of the MPAA testified on November 16 that the act's effect on business would be more minimal, noting that at least 16 countries already block websites, and that the Internet still functions in those countries.[35] MPAA Chairman Chris Dodd noted that Google figured out how to block sites when China requested it.[36] Some ISPs in Denmark, Finland, Ireland and Italy blocked The Pirate Bay after courts ruled in favor of music and film industry litigation, and a coalition of film and record companies has threatened to sue British Telecom if it does not follow suit.[37] Maria Pallante of the US Copyright Office said that Congress has updated the Copyright Act before and should again, or "the U.S. copyright system will ultimately fail." Asked for clarification, she said that the US currently lacks jurisdiction over websites in other countries.[35]
The 1998 Digital Millennium Copyright Act (DMCA) includes the Online Copyright Infringement Liability Limitation Act, that provides a "safe harbor" for websites that host content. Under that provision, copyright owners who felt that a site was hosting infringing content are required to request the site to remove the infringing material within a certain amount of time.[38][39][40] SOPA would bypass this "safe harbor" provision by placing the responsibility for detecting and policing infringement onto the site itself, and allowing judges to block access to websites "dedicated to theft of U.S. property."[41]
According to critics of the bill such as the Center for Democracy and Technology and the Electronic Frontier Foundation, the bill's wording is vague enough that a single complaint about a site could be enough to block it, with the burden of proof resting on the site. A provision in the bill states that any site would be blocked that "is taking, or has taken deliberate actions to avoid confirming a high probability of the use of the U.S.-directed site to carry out acts that constitute a violation." Critics have read this to mean that a site must actively monitor its content and identify violations to avoid blocking, rather than relying on others to notify it of such violations.[29][42]
Law professor Jason Mazzone wrote, "Damages are also not available to the site owner unless a claimant 'knowingly materially' misrepresented that the law covers the targeted site, a difficult legal test to meet. The owner of the site can issue a counter-notice to restore payment processing and advertising but services need not comply with the counter-notice".[43]
Goodlatte stated, "We're open to working with them on language to narrow [the bill's provisions], but I think it is unrealistic to think we're going to continue to rely on the DMCA notice-and-takedown provision. Anybody who is involved in providing services on the Internet would be expected to do some things. But we are very open to tweaking the language to ensure we don't impose extraordinary burdens on legitimate companies as long as they aren't the primary purveyors [of pirated content]".[44][45]
O'Leary submitted written testimony in favor of the bill that expressed guarded support of current DMCA provisions. "Where these sites are legitimate and make good faith efforts to respond to our requests, this model works with varying degrees of effectiveness," O'Leary wrote. "It does not, however, always work quickly, and it is not perfect, but it works."[16]
An analysis in the information technology magazine eWeek stated, "The language of SOPA is so broad, the rules so unconnected to the reality of Internet technology and the penalties so disconnected from the alleged crimes that this bill could effectively kill e-commerce or even normal Internet use. The bill also has grave implications for existing U.S., foreign and international laws and is sure to spend decades in court challenges."[46]
Art Brodsky of advocacy group Public Knowledge similarly stated, "The definitions written in the bill are so broad that any US consumer who uses a website overseas immediately gives the US jurisdiction the power to potentially take action against it."[47]
On October 28, 2011, the EFF called the bill a "massive piece of job-killing Internet regulation," and said, "This bill cannot be fixed; it must be killed."[48]
Gary Shapiro, CEO of the Consumer Electronics Association, spoke out strongly against the bill, stating, "The bill attempts a radical restructuring of the laws governing the Internet," and that "It would undo the legal safe harbors that have allowed a world-leading Internet industry to flourish over the last decade. It would expose legitimate American businesses and innovators to broad and open-ended liability. The result will be more lawsuits, decreased venture capital investment, and fewer new jobs."[49]
Lukas Biewald, founder of CrowdFlower, stated, "It'll have a stifling effect on venture capital... No one would invest because of the legal liability."[50]
Booz & Company on November 16 published a Google-funded study finding that almost all of the 200 venture capitalists and angel investors interviewed would stop funding digital media intermediaries if the bill became law. More than 80 percent said they would rather invest in a risky, weak economy with the current laws than a strong economy with the proposed law in effect. If legal ambiguities were removed and good faith provisions in place, investing would increase by nearly 115 percent.[51]
As reported by David Carr of The New York Times in an article critical of SOPA and PIPA, Google, Facebook, Twitter and other companies sent a joint letter to Congress, stating "We support the bills’ stated goals – providing additional enforcement tools to combat foreign ‘rogue’ Web sites that are dedicated to copyright infringement or counterfeiting. However, the bills as drafted would expose law-abiding U.S. Internet and technology companies to new uncertain liabilities, private rights of action and technology mandates that would require monitoring of Web sites.”[23][52] Smith responded, saying, the article "unfairly criticizes the Stop Online Piracy Act", and, "does not point to any language in the bill to back up the claims. SOPA targets only foreign Web sites that are primarily dedicated to illegal and infringing activity. Domestic Web sites, like blogs, are not covered by this legislation." Smith also said that Carr incorrectly framed the debate as between the entertainment industry and high-tech companies, noting support by more than "120 groups and associations across diverse industries, including the United States Chamber of Commerce".[53]
Lateef Mtima, director of the Institute for Intellectual Property and Social Justice at Howard University School of Law, expressed concern that users who upload copyrighted content to sites could potentially be held criminally liable themselves, saying, "Perhaps the most dangerous aspect of the bill is that the conduct it would criminalize is so poorly defined. While on its face the bill seems to attempt to distinguish between commercial and non-commercial conduct, purportedly criminalizing the former and permitting the latter, in actuality the bill not only fails to accomplish this but, because of its lack of concrete definitions, it potentially criminalizes conduct that is currently permitted under the law."[54]
An aide to Rep. Smith said, "This bill does not make it a felony for a person to post a video on YouTube of their children singing to a copyrighted song. The bill specifically targets websites dedicated to illegal or infringing activity. Sites that host user content—like YouTube, Facebook, and Twitter—have nothing to be concerned about under this legislation".[54]
In January 2012, bloggers claimed that Smith's own website had apparently used a copyright protected image without attributing it to the photographer who took it, with Time noting, "It doesn’t seem like a huge violation, but that’s the point; if SOPA passes, who knows how minor infractions like this will be handled."[55][56]
A paper by the Center for Democracy and Technology claimed that the bill "targets an entire website even if only a small portion hosts or links to some infringing content."[39]
According to A. M. Reilly of Industry Leaders Magazine, under SOPA, culpability for distributing copyright material is extended to those who aid the initial poster of the material. For companies that use virtual private networks (VPN) to create a network that appears to be internal but is spread across various offices and employees' homes, any of these offsite locations that initiate sharing of copyright material could put the entire VPN and hosting company at risk of violation.[57]
Answering similar criticism in a CNET editorial, Recording Industry Association of America (RIAA) head Cary Sherman wrote, "Actually, it's quite the opposite. By focusing on specific sites rather than entire domains, action can be targeted against only the illegal subdomain or Internet protocol address rather than taking action against the entire domain."[58]
The Electronic Frontier Foundation expressed concern that free and open source software (FLOSS) projects found to be aiding online piracy could experience serious problems under SOPA.[59] Of special concern was the web browser Firefox,[25] which has an optional extension, MAFIAAFire Redirector, that redirects users to a new location for domains that were seized by the U.S. government.[60] In May 2011, Mozilla refused a request by the Department of Homeland Security to remove MAFIAAFire from its website, questioning whether the software had ever been declared illegal.[61][62]
Edward J. Black, president and CEO of the Computer & Communication Industry Association, wrote in the Huffington Post that "Ironically, it would do little to stop actual pirate websites, which could simply reappear hours later under a different name, if their numeric web addresses aren't public even sooner. Anyone who knows or has that web address would still be able to reach the offending website."[63]
An editorial in the San Jose Mercury-News stated, "Imagine the resources required to parse through the millions of Google and Facebook offerings every day looking for pirates who, if found, can just toss up another site in no time."[64]
John Palfrey of the Berkman Center for Internet & Society commented, "DNS filtering is by necessity either overbroad or underbroad; it either blocks too much or too little. Content on the Internet changes its place and nature rapidly, and DNS filtering is ineffective when it comes to keeping up with it."[26]
According to Markham Erickson, head of NetCoalition, which opposes SOPA, the section of the bill that would allow judges to order internet service providers to block access to infringing websites to customers located in the United States would also allow the checking of those customers' IP address, a method known as IP blocking. Erickson has expressed concerns that such an order might require those providers to engage in "deep packet inspection", which involves analyzing all of the content being transmitted to and from the user, raising new privacy concerns.[65][66]
Policy analysts for New America Foundation say this legislation would "instigate a data obfuscation arms race" whereby increasingly invasive practices would be required to monitor users' web traffic, resulting in a "counterproductive cat-and-mouse game of censorship and circumvention would drive savvy scofflaws to darknets while increasing surveillance of less technically proficient Internet users."[30]
The Domain Name System (DNS) servers, most often equated with a telephone directory, translate browser requests for domain names into the IP address assigned to that computer or network. The original bill requires these servers to stop referring requests for infringing domains to their assigned IP addresses. DNS is robust by design against failure and requires that a lack of response is met by inquiries to other DNS servers.[67]
Andrew Lee, CEO of ESET North America, objected that since the bill would require internet service providers to filter DNS queries for the sites, this would undermine the integrity of the Domain Name System.[68]
According to David Ulevitch, the San Francisco-based head of OpenDNS, the passage of SOPA could cause Americans to switch to DNS providers located in other countries who offer encrypted links, and may cause U.S. providers, such as OpenDNS itself, to move to other countries, such as the Cayman Islands.[69]
In November 2011, an anonymous top-level domain, .bit, was launched outside of ICANN control, as a response to the perceived threat from SOPA, although its effectiveness (as well as the effectiveness of other alternative DNS roots) remains unknown.[70]
On January 12, 2012, Sen. Patrick Leahy (D-VT), Chairman of the Senate Judiciary Committee overseeing PIPA,[71][72] and House sponsor Lamar Smith announced[73] that provisions related to DNS redirection would be pulled from their respective bills.[74][75]
A white paper by several internet security experts, including Steve Crocker and Dan Kaminsky, wrote, "From an operational standpoint, a resolution failure from a nameserver subject to a court order and from a hacked nameserver would be indistinguishable. Users running secure applications have a need to distinguish between policy-based failures and failures caused, for example, by the presence of an attack or a hostile network, or else downgrade attacks would likely be prolific."[76]
Stewart Baker, former first Assistant Secretary for Policy at the Department of Homeland Security and former General Counsel of the National Security Agency, stated that SOPA would do "great damage to Internet security"[67] by undermining Domain Name System Security Extensions (DNSSEC), a proposed security upgrade for DNS, since a browser must treat all redirects the same, and must continue to search until it finds a DNS server (possibly overseas) providing untampered results.[67] On December 14, 2011 he wrote that SOPA was "badly in need of a knockout punch" due to its impact on security and DNS:[67]
from the [Attorney General]’s point of view, the browser’s efforts to find an authoritative DNS server will look like a deliberate effort to evade his blocking order. The latest version of SOPA will feed that view. It allows the AG to sue “any entity that knowingly and willfully provides ... a product ... designed by such entity or by another in concert with such entity for the circumvention or bypassing of” the AG’s blocking orders. It’s hard to escape the conclusion that this provision is aimed squarely at the browser companies. Browsers implementing DNSSEC will have to circumvent and bypass criminal blocking, and in the process, they will also circumvent and bypass SOPA orders.
DNSSEC is a set of protocols developed by the Internet Engineering Task Force (IETF) for ensuring internet security. A white paper by the Brookings Institution noted, "The DNS system is based on trust," adding that DNSSEC was developed to prevent malicious redirection of DNS traffic, and that "other forms of redirection will break the assurances from this security tool."[77]
On November 17, Sandia National Laboratories, a research agency of the U.S. Department of Energy, released a technical assessment of the DNS filtering provisions in the House and Senate bills, in response to Representative Zoe Lofgren's (D-CA) request. The assessment stated that the proposed DNS filtering would be unlikely to be effective, would negatively impact internet security, and would delay full implementation of DNSSEC.[78][79]
On November 18, House Cybersecurity Subcommittee chair Dan Lungren stated that he had "very serious concerns" about SOPA's impact on DNSSEC, adding, "we don't have enough information, and if this is a serious problem as was suggested by some of the technical experts that got in touch with me, we have to address it."[80]
Brooklyn Law School professor Jason Mazzone warned, "Much of what will happen under SOPA will occur out of the public eye and without the possibility of holding anyone accountable. For when copyright law is made and enforced privately, it is hard for the public to know the shape that the law takes and harder still to complain about its operation."[43]
The Stop Online Piracy Act was introduced by Representative Lamar Smith (R-TX) and was initially co-sponsored by Howard Berman (D-CA), Marsha Blackburn (R-TN), Mary Bono Mack (R-CA), Steve Chabot (R-OH), John Conyers (D-MI), Ted Deutch (D-FL), Elton Gallegly (R-CA), Bob Goodlatte (R-VA), Timothy Griffin (R-AR), Dennis A. Ross (R-FL), Adam Schiff (D-CA) and Lee Terry (R-NE). As of January 16, 2012, there were 31 sponsors.[81]
The legislation has broad support from organizations that rely on copyright, including the Motion Picture Association of America, the Recording Industry Association of America, Macmillan US, Viacom, and various other companies and unions in the cable, movie, and music industries. Supporters also include trademark-dependent companies such as Nike, L'Oréal, and Acushnet Company.[82][83]
Both the AFL-CIO and the U.S. Chamber of Commerce support H.R. 3261, and many industries have also publicly praised the legislation.
In June 2011, former Bill Clinton press secretary Mike McCurry and former George W. Bush advisor Mark McKinnon, business partners in Public Strategies, Inc., started a campaign which echoed McCurry's earlier work in the network neutrality legislative fight. McCurry represented SOPA/PIPA in Politico as a way to combat theft on-line,[84] drawing a favorable comment from the MPAA.[85] On the 15th, McCurry and Arts + Labs co-chair McKinnon sponsored the "CREATE – A Forum on Creativity, Commerce, Copyright, Counterfeiting and Policy" conference with members of Congress, artists and information-business executives.[86]
On September 22, 2011, a letter signed by over 350 businesses and organizations—including NBCUniversal, Pfizer, Ford Motor Company, Revlon, NBA, and Macmillan US—was sent to Congress encouraging the passage of the legislation.[82][83] Fightonlinetheft.com, a website of The Coalition Against Counterfeiting and Piracy (a project of the United States Chamber of Commerce Global Intellectual Property Center,[87]) cites a long list of supporters including these and the Fraternal Order of Police, the National Governors Association, the U.S. Conference of Mayors, the National Association of Attorneys General, the Better Business Bureau, and the National Consumers League.[88][89]
On November 22 the CEO of the Business Software Alliance (BSA) said, "valid and important questions have been raised about the bill". He said that definitions and remedies needed to be tightened and narrowed, but "BSA stands ready to work with Chairman Smith and his colleagues on the Judiciary Committee to resolve these issues."[90][91]
On December 22, Go Daddy, the world's largest domain name registrar, stated that it supported SOPA.[92] Go Daddy then rescinded its support, its CEO saying, "Fighting online piracy is of the utmost importance, which is why Go Daddy has been working to help craft revisions to this legislation—but we can clearly do better. It's very important that all Internet stakeholders work together on this. Getting it right is worth the wait. Go Daddy will support it when and if the Internet community supports it."[93]
In January 2012, the Entertainment Software Association announced support for SOPA.[94] Some association members expressed opposition to SOPA.[95]
House Minority Leader Nancy Pelosi (D-CA) expressed opposition to the bill, as well as Representatives Darrell Issa (R-CA) and presidential candidate Ron Paul (R-TX), who joined nine Democrats to sign a letter to other House members warning that the bill would cause "an explosion of innovation-killing lawsuits and litigation."[96] "Issa said the legislation is beyond repair and must be rewritten from scratch," reported The Hill.[97] Issa and Lofgren announced plans for legislation offering "a copyright enforcement process modeled after the U.S. International Trade Commission's (ITC) patent infringement investigations."[33] Politico referred to support as an "election liability" for legislators.[98] Subsequently proponents began hinting that key provisions might be deferred with opponents stating this was inadequate.[99][100]
On January 14, 2012, the Obama administration responded to a petition against the bill, stating that it would not support legislation with provisions that could lead to Internet censorship, squelching of innovation, or reduced Internet security, but encouraged "all sides to work together to pass sound legislation this year that provides prosecutors and rights holders new legal tools to combat online piracy originating beyond U.S. borders while staying true to the principles outlined above in this response."[101][102][103][104]
Opponents include Google, Yahoo!, YouTube, Facebook, Twitter, AOL, LinkedIn, eBay, Mozilla Corporation, Roblox, Reddit,[105] the Wikimedia Foundation,[106] and human rights organizations such as Reporters Without Borders,[107] the Electronic Frontier Foundation (EFF), the ACLU, and Human Rights Watch.[108]
Kaspersky Lab, a major computer security company, demonstrated its opposition to SOPA and "decided to discontinue its membership in the BSA".[109]
On December 13, 2011, Julian Sanchez of the Libertarian think tank Cato Institute came out in strong opposition to the bill saying that while the amended version "trims or softens a few of the most egregious provisions of the original proposal... the fundamental problem with SOPA has never been these details; it’s the core idea. The core idea is still to create an Internet blacklist..."[110]
The Library Copyright Alliance (including the American Library Association) objected to the broadened definition of "willful infringement" and the introduction of felony penalties for noncommercial streaming infringement, stating that these changes could encourage criminal prosecution of libraries.[111]
On November 22, Mike Masnick of Techdirt called SOPA "toxic"[99] and published a detailed criticism[112] of the ideas underlying the bill, writing that "one could argue that the entire Internet enables or facilitates infringement", and saying that a list of sites compiled by the entertainment industry included the personal site of one of their own artists, 50 Cent, and legitimate internet companies. The article questioned the effect of the bill on $2 trillion in GDP and 3.1 million jobs, with a host of consequential problems on investment, liability and innovation.[113] Paul Graham, the founder of venture capital company Y Combinator, opposed the bill, and banned all SOPA-supporting companies from their "demo day" events. "If these companies are so clueless about technology that they think SOPA is a good idea," he asks, "how could they be good investors?"[114] The prominent pro-democracy movement Avaaz.org started a petition in protest over SOPA and so far has gathered over 1.2 million signatures worldwide.[115]
The Center for Democracy and Technology maintains a list of SOPA and PIPA opponents consisting of the editorial boards of The New York Times, the Los Angeles Times, 34 other organizations and hundreds of prominent individuals.[116]
Zynga Game Network, creator of Facebook games Texas HoldEm Poker and FarmVille, wrote to the sponsors of both bills highlighting concerns over the effect on "the DMCA's safe harbor provisions ... [which] ... have been a cornerstone of the U.S. Technology and industry's growth and success", and opposing the bill due to its impact on "innovation and dynamism".[117]
Computer scientist Vint Cerf, one of the founders of the Internet, now Google vice president, wrote to Smith, saying "Requiring search engines to delete a domain name begins a worldwide arms race of unprecedented 'censorship' of the Web," in a letter published on CNet.[118][119]
On November 18, 2011, the European Union Parliament adopted by a large majority a resolution that "stresses the need to protect the integrity of the global Internet and freedom of communication by refraining from unilateral measures to revoke IP addresses or domain names."[120][121]
On December 15, 2011, a second hearing was scheduled to amend and vote on SOPA. Many opponents remained firm even after Smith proposed a 71-page amendment to the bill to address concerns. NetCoalition, which works with Google, Twitter, eBay and Facebook, appreciated that Smith was listening, but says it nonetheless could not support the amendment. Issa stated that Smith’s amendment, "retains the fundamental flaws of its predecessor by blocking Americans' ability to access websites, imposing costly regulation on Web companies and giving Attorney General Eric Holder's Department of Justice broad new powers to police the Internet".[122]
In December 2011, film and comics writer Steve Niles spoke out against SOPA, commenting, "I know folks are scared to speak out because a lot of us work for these companies, but we have to fight. Too much is at stake."[123][124]
In January 2012, novelist, screenwriter and comics writer Peter David directed his ire at the intellectual property pirates whose activities he felt provoked the creation of SOPA. While convinced that the then-current language of SOPA would go too far in its restricting free expression, and would likely be scaled down, David argued that content pirates, such as the websites that had posted his novels online in their entirety for free downloads, as well as users who supported or took advantage of these activities, could have prevented SOPA by respecting copyright laws.[125]
On November 16, 2011, Tumblr, Mozilla, Techdirt, and the Center for Democracy and Technology were among many Internet companies that protested by participating in American Censorship Day. They displayed black banners over their site logos with the words "STOP CENSORSHIP".[126]
In December 2011, Wikipedia co-founder Jimmy Wales initiated discussion with editors regarding a potential knowledge blackout, a protest inspired by a successful campaign by the Italian-language Wikipedia to block the Italian DDL intercettazioni bill, terms of which could have infringed the encyclopedia's editorial independence. Editors and others[127] mulled interrupting service for one or more days as in the Italian protest, or alternatively presenting site visitors with a blanked page directing them to further information before permitting them to complete searches.[128][129] As a result, the English-language Wikipedia will be blacked out for 24 hours on January 18.[130]
Markham Erickson, executive director of NetCoalition, told Fox News that “a number of companies have had discussions about [blacking out services]” last week[131] and discussion of the option spread to other media outlets.[132]
In January 2012, Reddit announced plans to black out its site for twelve hours on January 18, as company co-founder Alexis Ohanian announced he was going to testify to Congress. "He’s of the firm position that SOPA could potentially 'obliterate' the entire tech industry", Paul Tassi wrote in Forbes. Tassi also opined that Google and Facebook would have to join the blackout to reach a sufficiently broad audience.[133] Other prominent sites that are reported to be participating in the January 18 blackout are Cheezburger Sites,[134] Mojang,[135] Major League Gaming,[136] and Boing Boing.[137]
Wider protests have been considered and in some cases committed to by major internet sites, with high profile bodies such as Google, Facebook, Twitter, Yahoo, Amazon, AOL, Reddit, Mozilla, LinkedIn, IAC, eBay, PayPal, Wordpress and Wikimedia being widely named as "considering" or committed to an "unprecedented"[138] internet blackout on January 18, 2012.[138][139][140][141]
At the House Judiciary Committee hearing, there was concern among some observers that the set of speakers who testified lacked technical expertise. Technology news site CNET reported "One by one, each witness—including a lobbyist for the Motion Picture Association of America—said they weren't qualified to discuss... DNSSEC."[80] Adam Thierer, a senior research fellow at the Mercatus Center, similarly said, "The techno-ignorance of Congress was on full display. Member after member admitted that they really didn't have any idea what impact SOPA's regulatory provisions would have on the DNS, online security, or much of anything else."[142]
Lofgren stated, “We have no technical expertise on this panel today.” She also criticized the tone of the hearing, saying, “It hasn’t generally been the policy of this committee to dismiss the views of those we are going to regulate. Impugning the motives of the critics instead of the substance is a mistake.”[143]
Lungren told Politico's Morning Tech that he had "very serious concerns" about SOPA's impact on DNSSEC, adding "we don't have enough information, and if this is a serious problem as was suggested by some of the technical experts that got in touch with me, we have to address it. I can't afford to let that go by without dealing with it."[144]
Gary Shapiro, CEO of the Consumer Electronics Association, who had wanted to testify but was not invited, stated, "The significant potential harms of this bill are reflected by the extraordinary coalition arrayed against it. Concerns about SOPA have been raised by Tea Partiers, progressives, computer scientists, human rights advocates, venture capitalists, law professors, independent musicians, and many more. Unfortunately, these voices were not heard at today's hearing."[49]
An editorial in Fortune wrote, "This is just another case of Congress doing the bidding of powerful lobbyists—in this case, Hollywood and the music industry, among others. It would be downright mundane if the legislation weren't so draconian and the rhetoric surrounding it weren't so transparently pandering."[145]
Since its introduction, a number of opponents to the bill have expressed concerns. The bill was presented for markup by the House Judiciary Committee on December 15.
An aide to Smith stated that "He is open to changes but only legitimate changes. Some site[s] are totally capable of filtering illegal content, but they won't and are instead profiting from the traffic of illegal content."[146]
After the first day of the hearing, more than 20 amendments had been rejected, including one by Issa which would have stripped provisions targeting search engines and Internet providers. PC World reported that the 22–12 vote on the amendment could foreshadow strong support for the bill by the committee.[147]
The Committee adjourned on the second day agreeing to continue debate early in 2012.[11][148] Smith announced a plan to remove the provision that requires Internet service providers to block access to certain foreign websites.[75] On January 15, 2011, Issa said he has received assurances from Rep. Eric Cantor that the bill would not come up for a vote until a consensus could be reached.[149]
Senate Majority Leader Harry Reid plans to bring the Senate's version of the legislation (the Protect IP Act or PIPA) to a vote on January 24. Reid rejected a request by six Senators for a postponement, saying "this is an issue that is too important to delay."[150]
So there was a dump a few days ago that had several companies including Yahoo, Google, Core Security, and Disney.
The Disney data interested me. Disney is awesome. I love going there even as an adult. There is something about that Disney brand of magic. It may be expensive, but you get a premium experience with Disney.
I wanted to see what type of password logic was in place at that company. It takes a special right-brained creative person to make Disney magic. What type of creative passwords did they have? Not very! All passwords were 8 characters or less! @purehate_ pointed out that DES hashes only allow 8 char max. Set Hashcat accordingly!
Below is a redacted output report from Pipal, an awesome tool for password analysis created by @digininja! Head over to digininja.org to download Pipal or fire up BT5 and apt-get it!
Total entries = 426
Total unique entries = 419
Password length (length ordered)
1 = 4 (0.94%)
3 = 2 (0.47%)
4 = 6 (1.41%)
5 = 9 (2.11%)
6 = 203 (47.65%)
7 = 97 (22.77%)
8 = 112 (26.29%)
Password length (count ordered)
6 = 203 (47.65%)
8 = 112 (26.29%)
7 = 97 (22.77%)
5 = 9 (2.11%)
4 = 6 (1.41%)
1 = 4 (0.94%)
3 = 2 (0.47%)
[ASCII histogram: number of passwords by length, 0 to 8]
One to six characters = 219 (51.41%)
One to eight characters = 426 (100.0%)
More than eight characters = 0 (0.0%)
Only lowercase alpha = 186 (43.66%)
Only uppercase alpha = 1 (0.23%)
Only alpha = 187 (43.9%)
Only numeric = 13 (3.05%)
First capital last symbol = 1 (0.23%)
First capital last number = 12 (2.82%)
Single digit on the end = 83 (19.48%)
Two digits on the end = 43 (10.09%)
Three digits on the end = 14 (3.29%)
Last number
0 = 12 (2.82%)
1 = 54 (12.68%)
2 = 23 (5.4%)
3 = 10 (2.35%)
4 = 11 (2.58%)
5 = 12 (2.82%)
6 = 6 (1.41%)
7 = 10 (2.35%)
8 = 12 (2.82%)
9 = 8 (1.88%)
[ASCII histogram: number of passwords by last number, 0 to 9]
Last digit
Character sets
loweralpha: 186 (43.66%)
loweralphanum: 170 (39.91%)
loweralphaspecial: 25 (5.87%)
numeric: 13 (3.05%)
mixedalphanum: 9 (2.11%)
mixedalpha: 7 (1.64%)
loweralphaspecialnum: 6 (1.41%)
upperalphanum: 2 (0.47%)
mixedalphaspecialnum: 2 (0.47%)
special: 2 (0.47%)
mixedalphaspecial: 2 (0.47%)
upperalpha: 1 (0.23%)
Character set ordering
allstring: 194 (45.54%)
stringdigit: 134 (31.46%)
stringspecial: 21 (4.93%)
stringdigitstring: 21 (4.93%)
othermask: 16 (3.76%)
digitstring: 15 (3.52%)
alldigit: 13 (3.05%)
stringspecialdigit: 4 (0.94%)
stringspecialstring: 3 (0.7%)
specialstring: 3 (0.7%)
allspecial: 2 (0.47%)
Hashcat masks (Top 10)
?l?l?l?l?l?l: 104 (24.41%)
?l?l?l?l?l?l?l?l: 40 (9.39%)
?l?l?l?l?l?l?l: 34 (7.98%)
?l?l?l?l?l?l?d: 26 (6.1%)
?l?l?l?l?l?d: 23 (5.4%)
?l?l?l?l?l?l?l?d: 18 (4.23%)
?l?l?l?l?d?d: 18 (4.23%)
?l?l?l?l?l?l?d?d: 11 (2.58%)
?d?d?d?d?d?d: 10 (2.35%)
?d?l?l?l?l?l?l?l: 10 (2.35%)
As of 1/1/2012, Disney did have 3 jobs related to Information Security open.
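To put the "Hashcat masks" section of the report in policy terms, the following added example (not part of the original post and not Pipal's code) classifies passwords into masks and computes how many candidates each reported mask represents. The mask counts and the total of 426 are copied from the report above; the sample passwords, the function names and the 10^10 threshold are assumptions made for illustration, and input is assumed to be printable ASCII.

```python
from math import prod

# Sizes of hashcat's built-in charsets: ?l, ?u, ?d, ?s (space + 32 ASCII symbols)
CHARSET_SIZE = {"l": 26, "u": 26, "d": 10, "s": 33}
DES_CRYPT_MAX = 8  # traditional DES crypt(3) ignores everything past 8 characters


def to_mask(password):
    """Classify each character the way the 'Hashcat masks' report does."""
    mask = []
    for ch in password[:DES_CRYPT_MAX]:  # only these characters reach the hash
        if "a" <= ch <= "z":
            mask.append("?l")
        elif "A" <= ch <= "Z":
            mask.append("?u")
        elif "0" <= ch <= "9":
            mask.append("?d")
        else:
            mask.append("?s")  # assumption: anything else is an ASCII symbol
    return "".join(mask)


def keyspace(mask):
    """Number of distinct passwords that fit a mask."""
    return prod(CHARSET_SIZE[c] for c in mask.split("?")[1:])


# Top-10 mask counts copied from the Pipal report above (426 entries in total)
TOTAL_ENTRIES = 426
REPORTED_MASKS = {
    "?l?l?l?l?l?l": 104,
    "?l?l?l?l?l?l?l?l": 40,
    "?l?l?l?l?l?l?l": 34,
    "?l?l?l?l?l?l?d": 26,
    "?l?l?l?l?l?d": 23,
    "?l?l?l?l?l?l?l?d": 18,
    "?l?l?l?l?d?d": 18,
    "?l?l?l?l?l?l?d?d": 11,
    "?d?d?d?d?d?d": 10,
    "?d?l?l?l?l?l?l?l": 10,
}


def audit(mask_counts, total, threshold):
    """Return (mask, count, keyspace, percent) rows and the percentage of all
    entries whose mask keyspace is smaller than `threshold` candidates."""
    rows = [(m, n, keyspace(m), round(100 * n / total, 2))
            for m, n in mask_counts.items()]
    weak = sum(n for _, n, ks, _ in rows if ks < threshold)
    return rows, round(100 * weak / total, 2)


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any dump
    for pw in ["summer", "winter12", "Spring1!", "correcthorse9"]:
        print(f"{pw:15} -> {to_mask(pw)}")
    rows, weak_pct = audit(REPORTED_MASKS, TOTAL_ENTRIES, 10**10)
    for mask, count, ks, pct in rows:
        print(f"{mask:18} {count:4} ({pct}%)  keyspace {ks:,}")
    print(f"entries under 10^10 candidates: {weak_pct}%")
```

The truncation in `to_mask` is why a long passphrase gains nothing under DES crypt: only its first 8 characters are hashed, so it falls into the same mask as an 8-character password.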
The first time our team SuperFlyAPTDongNinjas encountered the Kommand && KonTroll CTF, we got blueshelled.
Our team had skills, tools, even an 0 day or 2. We still lost. It stung and in our alcohol-fueled debriefing, we knew we didn't just want to win, we wanted to take down every target including the Zeus C&C. In looking back at the previous challenge, we realized the critical missing piece was Communication!
@kingtuna came through in a huge way with his communication server, theTaint. We set up secure communication and file sharing. The chat room allowed us to share passwords, links, and c99 shells dropped on the boxes we owned.
The other tool that helped was Metasploit Pro. Metasploit Pro's ability to share shells allowed one team member to pop the box and pass the shell to someone else to look for data. Pro also saved the knowledge, downloaded files and loot so that everyone on the team could review what was gained from the target. Lastly, tagging allowed us to mark off which box we owned and what we still needed to compromise. I also recommend setting Metasploit Pro to automatically set persistence in your shells. We found a BeEF server with a hooked browser that led to us taking down the C&C. We set up Metasploit Pro to run a macro that made the session persistent, knowing that if we lost the shell, we lost our chance to take down the target.
The secrets of our win: Communication and Teamwork.
After we won, we celebrated with a night of victory karaoke (I don't give a F#@K) followed by a breakfast of lobster!
Big thanks to the team SuperFlyAPTDongNinjas, without every single person, we would have failed! Also a big thanks to Rod and the %27 MiamiP0wnMachine team for setting up and running the CTF.
@rodsoto was watching from the console when he saw us pop a Windows XP Machine and look for the Zeus.
Final Scoreboard out of 10,000 points
Flag from the C&C!
5lb Lobster